Cybersecurity researchers have uncovered a new phishing campaign where attackers abused a legitimate Google Cloud email feature to trick users. Instead of hacking Google directly, the criminals misused an official automation service to send emails that appeared genuine. Because the messages came from a trusted Google-related address, many recipients did not suspect anything unusual. This made the attack highly effective and difficult to detect.
The campaign was discovered by security researchers at Check Point, who found that attackers exploited Google Cloud Application Integration. This service is normally used by organizations to send automated notifications and alerts. In this case, it was abused to send phishing emails from an address that looked like it belonged to Google. The emails appeared professional and matched the style of real Google system messages.
During the attack period, nearly 9,400 phishing emails were sent to around 3,200 organizations worldwide. Most of the targeted victims were businesses, especially in the United States, but other regions were also affected. Industries such as manufacturing, technology, financial services, and SaaS companies were among the main targets. The attackers focused on organizations where stolen credentials could cause serious damage.
The phishing emails were designed to look routine and harmless. Some messages claimed the recipient had received a voicemail or gained access to a document. These messages encouraged users to click a link for more information. Because the emails looked like normal business notifications, many users trusted them and followed the instructions without hesitation.
Once a victim clicked the link, the attack moved through multiple steps to hide its real intent. The link first led to a legitimate Google Cloud storage page, which helped build trust. From there, users were redirected to another page that displayed a fake CAPTCHA verification. This step made the process appear secure and also helped bypass automated security scanners.
After completing the CAPTCHA, victims were redirected to a fake Microsoft login page. The page closely resembled an official Microsoft or Office 365 sign-in screen. If users entered their email address and password, the information was immediately captured by the attackers. This allowed the criminals to gain unauthorized access to corporate accounts.
Security experts emphasized that Google’s systems were not breached during this campaign. The attackers only abused a legitimate feature that allows automated emails to be sent through Google Cloud services. Once the misuse was reported, Google took action to block the malicious activity and prevent further abuse of the feature. Google also confirmed it was strengthening protections against similar attacks.
This incident highlights how cybercriminals are increasingly abusing trusted platforms rather than relying on obvious scam emails. By using well-known services like Google Cloud, attackers can make phishing campaigns more convincing. Experts advise users to be cautious with unexpected emails, even from trusted sources. Enabling multi-factor authentication and verifying links before signing in remain critical defenses.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news
