Cybercriminals have started using a new scheme to steal Microsoft 365 accounts, using the Google Apps Script platform. About this informsTechRadar.
This cloud platform, created to automate processes in Google services using JavaScript, has now become a tool in phishing attacks. Scammers send emails containing fake invoices on behalf of Google. The link in the email goes to script\[.]google\[.]com, which gives the impression of a legitimate source.
When following this link, the user sees a message about preparing to download, and clicking the button takes the user to a fake Microsoft 365 login page that looks as close as possible to the real one. Entered data automatically falls into the hands of criminals. In order not to arouse suspicion, attackers set up an automatic redirection to the real Microsoft 365 site immediately after entering credentials.
Cyber security experts at Cofense have identified this fraudulent scheme and are warning about its threat. They recommend being careful with emails, especially those containing unexpected Google invoices, and carefully checking sender addresses and websites to avoid becoming a victim of phishing.
