New Phishing Scam Exploits Google Drawings and WhatsApp Links to Steal Sensitive Info
Cybersecurity researchers have uncovered a sophisticated phishing campaign that utilizes Google Drawings and WhatsApp shortened links to evade detection and trick users into divulging sensitive information. This novel attack highlights the evolving tactics employed by threat actors to bypass security measures and exploit trust in legitimate services.
The Attack
The phishing campaign begins with an email directing recipients to a graphic hosted on Google Drawings, masquerading as an Amazon account verification link. This initial step leverages Google's trusted reputation to evade detection. This contains a link that, when clicked, redirects users to a fake Amazon login page. This page is designed to harvest credentials, personal information, and credit card details.
Evasion Techniques
To further obfuscate the attack, the URL is shortened using two different URL shorteners: WhatsApp ("l.wl[.]co") followed by qrco[.]de. This multi-layered approach deceives security URL scanners and makes it challenging for users to identify the phishing attempt.
Exploiting Trust
The use of Google Drawings and WhatsApp links exploits the trust users have in these legitimate services. By hosting the attack elements on trusted platforms, attackers can bypass security measures and increase the likelihood of users clicking on the bogus links.
Microsoft 365 Anti-Phishing Loophole
In a related development, researchers have identified a loophole in Microsoft 365's anti-phishing mechanisms. This vulnerability allows attackers to hide the "First Contact Safety Tip" using CSS trickery, increasing the risk of users opening phishing emails. Microsoft has acknowledged the issue but has yet to release a fix.
Stay Vigilant
This phishing campaign serves as a reminder to remain cautious when interacting with links and emails, even if they appear to come from trusted sources. Users must be vigilant and verify the authenticity of requests for sensitive information. Organizations should also reinforce security measures and educate employees on the latest phishing tactics.
Protect Yourself
- Be cautious with links and emails from unknown sources
- Verify the authenticity of requests for sensitive information
- Use two-factor authentication whenever possible
- Install Net Protector Antivirus and protect your privacy
- Other (42)
- Ransomware (128)
- Events and News (26)
- Features (45)
- Security (433)
- Tips (79)
- Google (22)
- Achievements (9)
- Products (33)
- Activation (7)
- Dealers (1)
- Bank Phishing (42)
- Malware Alerts (195)
- Cyber Attack (221)
- Data Backup (11)
- Data Breach (80)
- Phishing (139)
- Securty Tips (1)
- Browser Hijack (16)
- Adware (15)
- Email And Password (67)
- Android Security (56)
- Knoweldgebase (38)
- Botnet (15)
- Updates (3)
- Alert (71)
- Hacking (57)
- Social Media (7)
- vulnerability (54)
- Hacker (31)
- Spyware (8)
- Windows (6)
- Microsoft (21)
- Uber (1)
- YouTube (1)
- Trojan (2)
- Website hacks (3)
- Paytm (1)
- Credit card scam (1)
- Telegram (3)
- RAT (5)
- Bug (3)
- Twitter (2)
- Facebook (7)
- Banking Trojan (5)
- Mozilla (2)
- COVID-19 (5)
- Instagram (2)
- NPAV Announcement (5)
- IoT Security (1)
- Deals and Offers (1)
- Cloud Security (8)
- Offers (5)
- Gaming (1)
- FireFox (2)
- LinkedIn (2)
- WhatsApp (4)
- Amazon (1)
- DMart (1)
- Payment Risk (4)
- Occasion (2)
- firewall (1)
- Cloud malware (2)
- Cloud storage (2)
- Financial fraud (7)
- Impersonation phishing (1)
- DDoS (4)
- Smishing (2)
- Whale (0)
- Whale phishing (3)
- WINRAR (2)
- ZIP (2)