Search  


New Phishing Scam Uses Google Drawings and WhatsApp Shortened Links by Ravie Lakshmanan 
Tuesday, September 17, 2024, 02:28 AM
Posted by Administrator
Cybersecurity researchers have discovered a novel phishing campaign that leverages Google Drawings and shortened links generated via WhatsApp to evade detection and trick users into clicking on bogus links designed to steal sensitive information.

"The attackers chose a group of the best-known websites in computing to craft the threat, including Google and WhatsApp to host the attack elements, and an Amazon look-alike to harvest the victim's information," Menlo Security researcher Ashwin Vamshi said. "This attack is a great example of a Living Off Trusted Sites (LoTS) threat."

The starting point of the attack is a phishing email that directs the recipients to a graphic that appears to be an Amazon account verification link. This graphic, for its part, is hosted on Google Drawings, in an apparent effort to evade detection.

Abusing legitimate services has obvious benefits for attackers in that they're not only a low-cost solution, but more importantly, they offer a clandestine way of communication inside networks, as they are unlikely to be blocked by security products or firewalls.

"Another thing that makes Google Drawings appealing in the beginning of the attack is that it allows users (in this case, the attacker) to include links in their graphics," Vamshi said. "Such links may easily go unnoticed by users, particularly if they feel a sense of urgency around a potential threat to their Amazon account."

Users who end up clicking on the verification link are taken to a lookalike Amazon login page, with the URL crafted successively using two different URL shorteners -- WhatsApp ("l.wl[.]co") followed by qrco[.]de -- as an added layer of obfuscation and deceive security URL scanners.

The fake page is designed to harvest credentials, personal information, and credit card details, after which the victims are redirected to the original phished Amazon login page. As an extra step, the web page is rendered inaccessible from the same IP address once the credentials have been validated.

The disclosure comes as researchers have identified a loophole in Microsoft 365's anti-phishing mechanisms that could be abused to increase the risk of users opening phishing emails.
Cybersecurity

The method entails the use of CSS trickery to hide the "First Contact Safety Tip," which alerts users when they receive emails from an unknown address. Microsoft, which has acknowledged the issue, has yet to release a fix.

"The First Contact Safety Tip is prepended to the body of an HTML email, which means it is possible to alter the way it is displayed through the use of CSS style tags," Austrian cybersecurity outfit Certitude said. "We can take this a step further, and spoof the icons Microsoft Outlook adds to emails that are encrypted and/or signed."




Note: If this article has helped, please feel free to share. If you'd like to participate and post an article, please send your submissions to info@certificationpoint.org


—————————————---
MARKETING & PROMOTION
—————————————---

Check Out Our Video!
A Smarter Way To Collaborate: https://m.youtube.com/watch?v=hyRxJvIXNR0

Register @ CertificationPoint!
—————————————
https://www.certificationpoint.org/member/index.php?command=signup_page

Find Out More About Student FreelanceWork EXperience Builders
——————————————————————————--------
http://www.certificationpoint.org/stude ... elance.php

Take An Exam Today @ CertificationPoint
——————————--------------------------
http://certificationpoint.net/register.php

APPRENTICESHIPS @ CERTIFICATIONPOINT
——————————-----------------------------------
http://www.certificationpoint.org/Apprenticeship.php

INVESTING IN CERTIFICATIONPOINT
——————————-----------------------
http://www.certificationpoint.org/invest.php

SOCIAL MEDIA
———————
Find us on Twitter: https://twitter.com/@certpointorg
Find us on Facebook: https://www.facebook.com/CertificationPoint
Find us on Google+: https://plus.google.com/117737803640713546061
Find us on Instagram: https://www.instagram.com/certificationpoint/
Find us on Tumblr: https://www.tumblr.com/blog/certificationpoint
Find us on LinkedIn: https://www.linkedin.com/in/certification-point-65a1642b
Find us on Pinterest: https://www.pinterest.com/certoken/

Additional Options For SHARING CertificationPoint
——————————————————-------------
https://www.scribd.com/document/696921433/CertificationPoint-Manifesto
https://www.scribd.com/document/696921430/CertificationPoint-Student-Poster
https://www.scribd.com/document/696921429/CertificationPoint-Student-Flyer
https://www.scribd.com/document/696921428/CertificationPoint-Inc-Course-Catalog-2024
https://www.scribd.com/document/696921427/CertificationPoint-Magazine
add comment ( 49 views )   |  permalink   |  $star_image$star_image$star_image$star_image$star_image ( 2.9 / 83 )

<<First <Back | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | Next> Last>>







Share CertificationPoint & Stay Informed Socially About EduTech?