Connect with us

Hi, what are you looking for?



New Phishing Campaign Launched via Google Looker Studio

Check Point has observed a wave of phishing attacks launched via Google Looker Studio to steal credentials and funds from intended victims.

Cybersecurity firm Check Point is warning of a new type of phishing attacks that abuse Google Looker Studio to bypass protections.

Google Looker Studio is a legitimate online tool for creating customizable reports, including charts and graphs, that can be easily shared with others.

As part of the observed attacks, threat actors are using Google Looker Studio to create fake crypto pages that are then delivered to the intended victims in emails sent from the legitimate tool itself.

The message contains a link to the fake report, claiming to provide the victim with information on investment strategies that would lead to significant returns.

The recipient is lured into clicking on the provided link, which redirects to a legitimate Google Looker page, hosting a Google slideshow claiming to provide instructions on how the recipient could receive more cryptocurrency.

The victim is then taken to a login page where they are shown a warning that they need to log into their account immediately, or risk losing access to it. This page, however, is designed to steal the provided credentials.

Check Point’s analysis shows that the attack manages to pass email authentication checks that prevent spoofing because the sender’s IP address is listed as authorized for a subdomain.

Advertisement. Scroll to continue reading.

Furthermore, it passes checks against the tampering with message contents in transit (DKIM) and DMARC protections because these verifications are automatically made for the domain, which also leads to no action being taken if the checks fail.

“This is a long way of saying that hackers are leveraging Google’s authority. An email security service will look at all these factors and have a good deal of confidence that it is not a phishing email, and that it comes from Google. And it does! Because the attack is nested so deep, all the standard checks will pass with flying colors,” Check Point notes.

The security firm also points out that, while these protections will likely fail in this attack, the recipients’ vigilance might save the day.

The campaign has been ongoing for several weeks. Google was informed of these attacks on August 22, Check Point says.

Related: Google AMP Abused in Phishing Attacks Aimed at Enterprise Users

Related: Malicious QR Codes Used in Phishing Attack Targeting US Energy Company

Related: Google Paid Out $12 Million via Bug Bounty Programs in 2022

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The easiest way for a cyber-attacker to gain access to sensitive data is by compromising an end user’s identity and credentials. Things get even...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Fraud & Identity Theft

Famed hacker Kevin Mitnick has died after a battle with pancreatic cancer.  At the time of his death, he was Chief Hacking Officer at...


The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...


The Single Most Important Part of Dealing with a Phishing Attack is Preparing for the Attack Before it Actually Happens.


Enterprise users have been warned that cybercriminals may be trying to phish their credentials by luring them with fake emails that appear to be...

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...