New Phishing Campaign Launched via Google Looker Studio
Cybersecurity firm Check Point is warning of a new type of phishing attacks that abuse Google Looker Studio to bypass protections. Google Looker Studio is a legitimate online tool for creating customizable reports, including charts and graphs, that can be easily shared with others. As part of the observed attacks, threat actors are using Google Looker Studio to create fake crypto pages that are then delivered to the intended victims in emails sent from the legitimate tool itself. The message contains a link to the fake report, claiming to provide the victim with information on investment strategies that would lead to significant returns. The recipient is lured into clicking on the provided link, which redirects to a legitimate Google Looker page, hosting a Google slideshow claiming to provide instructions on how the recipient could receive more cryptocurrency. The victim is then taken to a login page where they are shown a warning that they need to log into their account immediately, or risk losing access to it. This page, however, is designed to steal the provided credentials.