Subj : These next-level phishing scams use PayPal or Google Docs to stea To : All From : TechnologyDaily Date : Fri Mar 24 2023 16:15:03 These next-level phishing scams use PayPal or Google Docs to steal your data Date: Fri, 24 Mar 2023 16:09:20 +0000 Description: What if your next phishing attack came straight from Google? Would you click that link? Hackers are betting on it. FULL STORY ====================================================================== Unidentified threat actors are leveraging legitimate services such as PayPal or Google Workspace to send out phishing emails and bypass virtually all email security solutions available today. A report from cybersecurity researchers Avanan has detailed how hackers managed to force these services to send out phishing email on their behalf, thus tricking email security solutions. For criminals, the problem with phishing emails is that the domains from which theyre sent, the emails subject lines, as well as the content, all get scanned by email security products and often dont make it into the victims inbox. However, when that email comes from Google, the security product has no other choice but to let it through. Fake invoices Now, if a threat actor creates a malicious Google Docs file with a link to a phishing site, and simply tags the victim in it, Google will send out the notification without raising any alarms. That document can be anything, from a fake invoice, to a fake notification of a service being renewed. Usually, the common denominator for all these emails is that something needs to be addressed urgently, otherwise the victim will lose money. The same thing is with PayPal. An attacker can generate a fake invoice with a link to the phishing website in the invoices description, and just mail it via PayPal to the victim. Read more > What is phishing and how dangerous is it? > Everything you need to know about phishing > Here's our list of the best endpoint protection services around Besides these two companies, threat actors have also been impersonating SharePoint, FedEx, Intuit, iCloud, and others, the researchers claim. Most of the time, hackers engaged in phishing are looking for credentials to sensitive systems which they can later use to distribute more dangerous malware (for example, to run a ransomware operation). In other cases, theyd go after payment information, either to sell it on the black market, or to use it to fund illegal activities (such as DDoS-as-a-service, for example). Check out the best firewalls right now ====================================================================== Link to news story: https://www.techradar.com/news/these-next-level-phishing-scams-use-paypal-or-g oogle-docs-to-steal-your-data --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .