Understanding the New Phishing Threat
Phishing scams are becoming increasingly sophisticated, using trusted platforms like Google Drawings and WhatsApp to deceive users. Researchers from Menlo Security have identified a new campaign that cleverly combines these platforms to execute a phishing attack.
How the Scam Works
The attack begins with a phishing email that appears authentic, urging users to verify their Amazon account. The email contains a link to what seems like a legitimate Amazon page. However, this link directs users to an image hosted on Google Drawings. The choice of Google Drawings is strategic, as legitimate services are often trusted by users and less likely to be flagged by security systems.
Google Drawings is typically used for creating and sharing graphics. In this scam, attackers exploit its ability to embed links within graphics. For instance, a graphic may display a "Verify Your Account" button that, when clicked, redirects to malicious sites.
Link Shortening for Deception
To make the attack more convincing, attackers use link shorteners like those from WhatsApp and "qrco.de". These services condense lengthy URLs into short links that look less suspicious to users and security software. When clicked, these links lead to a fake Amazon login page designed to steal personal and financial information.
Obfuscating the Attack
The attack further evades detection by redirecting victims to the real Amazon page after their credentials are stolen. This step not only covers the attackers' tracks but also reduces suspicion, since users may assume they simply mistyped their information the first time.
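As an added defender-side example (not code from Menlo Security or the original article), here is a small Python scorer that takes the URL hops of a captured redirect chain and flags the pattern described above: a Google Drawings start, a shortener hop, a brand-lookalike landing host, and a final bounce to the real Amazon site. The docs.google.com host, the amazon.com domain set, the sample chain and the WhatsApp shortener placeholder are assumptions.

```python
from urllib.parse import urlparse

# Hosts named on the page. The WhatsApp shortener host is not given there, so a
# labelled placeholder stands in for it; replace it with the real host in production.
TRUSTED_GRAPHICS_HOST = "docs.google.com"   # Google Drawings is served from here (assumption)
KNOWN_SHORTENERS = {"qrco.de", "whatsapp-shortener.placeholder"}
BRAND = "amazon"
BRAND_DOMAINS = {"amazon.com"}               # assumed legitimate registrable domains for the brand

def registrable_domain(host: str) -> str:
    """Last two labels of a hostname. Enough for the sample; real code should
    consult the Public Suffix List so that e.g. amazon.co.uk is handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()

def is_brand_lookalike(host: str) -> bool:
    """Hostname mentions the brand but is not one of the brand's own domains."""
    return BRAND in host.lower() and registrable_domain(host) not in BRAND_DOMAINS

def analyze_chain(chain: list[str]) -> dict:
    """Return the indicators found in an ordered redirect chain plus a verdict."""
    parsed = [urlparse(u) for u in chain]
    hosts = [(p.hostname or "").lower() for p in parsed]
    findings = []
    if hosts and hosts[0] == TRUSTED_GRAPHICS_HOST and parsed[0].path.startswith("/drawings/"):
        findings.append("starts_on_google_drawings")
    if any(h in KNOWN_SHORTENERS for h in hosts):
        findings.append("passes_through_shortener")
    lookalike_positions = [i for i, h in enumerate(hosts) if is_brand_lookalike(h)]
    if lookalike_positions:
        findings.append("brand_lookalike_hop")
        # The campaign bounces the victim to the real brand site after the harvest page.
        if registrable_domain(hosts[-1]) in BRAND_DOMAINS and lookalike_positions[-1] < len(hosts) - 1:
            findings.append("ends_on_real_brand_after_lookalike")
    verdict = "suspicious" if len(findings) >= 2 else "clean"
    return {"findings": findings, "verdict": verdict}

# Constructed sample chain mirroring the reported campaign (ids and hosts are placeholders).
SAMPLE_CHAIN = [
    "https://docs.google.com/drawings/d/PLACEHOLDER_ID/preview",
    "https://qrco.de/PLACEHOLDER",
    "https://amazon-verify-account.example/ap/signin",
    "https://www.amazon.com/",
]

if __name__ == "__main__":
    print(analyze_chain(SAMPLE_CHAIN))
```

Feed it the hop list your proxy or sandbox records when following a link; a single legitimate hop such as https://www.amazon.com/ap/signin yields no findings.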
Exploiting Microsoft 365 Vulnerabilities
In a related discovery, researchers found vulnerabilities in Microsoft 365's anti-phishing tools. Attackers can manipulate CSS (Cascading Style Sheets) to hide security warnings, such as the "First Contact Safety Tip", which notifies users about potential threats in emails from unfamiliar addresses.
This CSS manipulation can also be used to spoof encrypted email icons, misleading users into believing an email is secure.
Protecting Yourself from Phishing Attacks
To safeguard against such scams, users should:
- Be wary of unsolicited emails asking for personal information.
- Double-check URLs before clicking, even if they appear to be from trusted sources.
- Use comprehensive security software to detect and block suspicious activities.
By staying informed and cautious, individuals can better protect themselves from these evolving phishing threats.