In a recent article published by ArmorBlox, they revealed some of the phishing sites hosted on Google services like Google Docs, Google Sites, Google Forms, etc. and because they are hosted on Google’s domain they are getting passed through security filters.
In this article, we will summarize the article by ArmorBlox and present you for quick understanding, and also we will tell you some security measures that you need to keep in mind.
Google Forms Phishing
Some of the attackers are using Google Forms to exploit the recovery information of the users by asking some common security questions. Below is the image for American Express but here in India that could be changed to SBI or any other bank in order to get your Internet Banking details.
Google Sites Phishing
Google provides a free service to create simple websites using sites.google.com domain but attackers are using this to create fake Google or Microsoft login pages. As the domain starts with sites.google.com it might seem legit to naive users. Below is the example of Microsoft Phishing page but it can be for Google too.
Google Docs Phishing
One more free service is known as Google Docs but is acting as a medium to distribute malware. The most common attack is the PaySlip Scam.
These types of attacks are not limited to Google services only but other companies that provide similar services like Dropbox, Canva, Azure, etc.
Also Read: Why should we mask our IMEI?
- Enable 2FA(Two-factor authentication) in all your business, personal accounts.
- Don’t use the same password for your different accounts.
- Always check for sender’s email, type of language used. If you sense anything unusual, just ignore those kinds of emails and research them first.
- Always confirm by calling/texting the person (company officials) and confirm if they sent this kind of email.
This is it for now guys, I hope you learned something new. I will keep sharing useful information to keep you out of trouble.