Emerging Cyber Threats: Phishing via Google Apps Script
31 May 2025 11:03
Cybercriminals have discovered a new method for stealing Microsoft 365 accounts by exploiting Google Apps Script, according to TechRadar. This cloud platform, designed for automating tasks in Google services with JavaScript, has become a tool for phishing attacks.
The perpetrators send victims emails that contain fake invoices from Google. Links in these emails point to script[.]google[.]com, creating an illusion of legitimacy. When the victim follows a link, a loading message appears, and clicking the button on that page redirects the user to a counterfeit Microsoft 365 login page that closely mimics the real one. The entered credentials go directly to the hackers.
To better cover their tracks, the fraudsters configure the page to redirect the victim to the actual Microsoft 365 site once the login credentials are entered.
Cybersecurity experts at Cofense have uncovered this scheme and are warning about its dangers. They advise against opening suspicious emails, especially those containing unexpected invoices from Google. It is also important to check email addresses and websites to avoid falling victim to fraud.
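For mail triage, the pattern described above (an invoice lure paired with a link hosted on script.google.com) can be checked mechanically. The following is an added example, not code from Cofense or TechRadar; pairing the two signals is an assumed heuristic, and the sample messages are constructed.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

APPS_SCRIPT_HOST = "script.google.com"            # host named in the article
LURE_RE = re.compile(r"\binvoice\b", re.I)        # lure theme named in the article
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.I)

def link_hosts(text):
    """Exact hostnames of every http(s) link found in text."""
    hosts = set()
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname
        except ValueError:        # malformed URL, e.g. bad IPv6 literal
            continue
        if host:
            hosts.add(host.lower().rstrip("."))
    return hosts

def body_text(msg):
    """Concatenate all text/* parts (plain and HTML) of a parsed message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_email):
    """Flag mail that pairs an invoice lure with a link hosted on Apps Script."""
    msg = message_from_string(raw_email)
    body = body_text(msg)
    hosted = APPS_SCRIPT_HOST in link_hosts(body)   # exact match, not substring
    lure = bool(LURE_RE.search(msg.get("Subject", "") + "\n" + body))
    return {"apps_script_link": hosted, "invoice_lure": lure, "review": hosted and lure}

# Constructed sample messages (not taken from the reported campaign).
SUSPECT = ("From: billing@sender.example\nSubject: Your invoice is ready\n"
           "Content-Type: text/html\n\n"
           '<a href="https://script.google.com/macros/s/CONSTRUCTED_ID/exec">View invoice</a>\n')
LOOKALIKE = ("From: billing@sender.example\nSubject: Invoice\n\n"
             "https://script.google.com.sender.example/view\n")

if __name__ == "__main__":
    for name, raw in (("SUSPECT", SUSPECT), ("LOOKALIKE", LOOKALIKE)):
        print(name, triage(raw))
```

Because legitimate Apps Script web apps use the same host, a `review` result marks a message for a closer look at the sender and the landing page rather than proving fraud.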