- Hackers are hosting fake invoices on Google Apps Script, experts warn
- Invoices are sent by email
- Victims are redirected to a fake Microsoft 365 login page
Threat actors have been seen abusing Google Apps Script to launch convincing phishing attacks and steal people's Microsoft 365 login credentials.
Cybersecurity researchers recently spotted one such campaign, in which Google Apps Script was used to host a fake invoice.
First, the criminals would prepare the usual fake invoice email. That email would carry a link to the invoice that, when hovered over (or clicked), would point to script[.]google[.]com. In this way, the criminals would create a false sense of legitimacy with victims, who might think that the invoice really came from Google or a Google-affiliated service.
M365 credentials
Clicking the link opens a small landing page that tells the visitor they “has a pending download available” and shows a “preview” button.
The button leads to the actual malicious page, which mimics the Microsoft 365 login page almost to the last detail. Those who do not spot the trick and try to log in end up transmitting their login credentials directly to the attackers.
To better hide their tracks, the criminals configure the page to redirect to the real Microsoft 365 site as soon as the login credentials are provided.
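As an added example (not from the researchers or the original article), here is a mail-triage check a defender could run over message text: it refangs and parses links, then flags invoice-themed mail whose link host is exactly script.google.com, since the domain's reputation alone will not block it. The lure-word list, function names and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

APPS_SCRIPT_HOST = "script.google.com"  # host named in the article
# Assumed lure vocabulary (hypothetical); tune to your own mail flow.
LURE_WORDS = ("invoice", "bill", "payment", "pending download")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def refang(text):
    """Undo common defanging so reported samples parse like live links."""
    text = text.replace("[.]", ".").replace("[:]", ":")
    return re.sub(r"hxxp", "http", text, flags=re.IGNORECASE)


def link_hosts(body):
    """Return the lower-cased hostname of every http(s) link in the body."""
    hosts = []
    for url in URL_RE.findall(refang(body)):
        try:
            # urlsplit separates userinfo, so 'trusted@other-host' yields other-host.
            host = urlsplit(url.rstrip(".,;")).hostname
        except ValueError:  # malformed link: skip rather than crash the triage
            continue
        if host:
            hosts.append(host.lower().rstrip("."))
    return hosts


def triage(subject, body):
    """Flag invoice-themed mail that links to the Apps Script host."""
    text = f"{subject}\n{body}".lower()
    lure = [w for w in LURE_WORDS if w in text]
    hosts = link_hosts(body)
    # Exact host match only: 'script.google.com.example.net' must not count.
    return {"hosts": hosts, "lure_words": lure,
            "suspicious": bool(lure) and APPS_SCRIPT_HOST in hosts}


# Constructed sample messages (placeholders, not real campaign data).
SAMPLES = [
    ("Invoice 1042 due", "View your invoice: hxxps://script[.]google[.]com/macros/s/EXAMPLE_ID/exec"),
    ("Team notes", "Our automation lives at https://script.google.com/macros/s/EXAMPLE_ID/exec"),
    ("Invoice attached", "Open https://script.google.com.example.net/invoice"),
    ("Your bill", "Pay at https://script.google.com@pay.example.org/bill"),
]

if __name__ == "__main__":
    for subject, body in SAMPLES:
        print(subject, "->", triage(subject, body)["suspicious"])
```

Only the first sample is flagged; a hit is a reason to route the message for review, not proof of phishing, because legitimate Apps Script links also appear in mail.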
Google Apps Script is a cloud-based scripting platform that allows users to automate tasks and extend Google Workspace applications such as Gmail, Docs, Sheets and Drive using JavaScript.
For example, a teacher could have a Google Sheets file with students’ grades and, using Google Apps Script, automatically send personalized emails, saving hours of manual work.
“Phishing emails like these are a good example of how attackers take advantage of legitimate domains to make their scams seem more convincing,” said Cofense researchers. “It is important to stay attentive and educate employees about the risk of phishing attacks.”