Phishing campaign uses Google Cloud Services to steal Office 365 logins


Level 68
Content Creator
Malware Hunter
Aug 17, 2014
Fraudsters looking to collect login details are increasingly turning to public cloud services to host lure documents and phishing pages, making it more difficult for targets to detect the attack.

The trend has gained traction among cybercriminals, who rely on multiple cloud services to host phishing landing pages and the lure documents redirecting to them.

In a campaign this year, fraudsters set up a clever scenario that involves multiple legitimate elements to hide the theft of Office 365 credentials.

Researchers at Check Point describe in a report today that the attackers relied on Google Drive to host a malicious PDF document and Google’s “storage.googleapis[.]com” to host the phishing page.
Researchers full report below: