New Google-Themed Phishing Wave Hits Over 3,000 Global Organisations

Check Point researchers found a phishing scam abusing Google Cloud to target organisations worldwide. Scammers use official domains to steal logins. Read the full details in this exclusive report.

A recent investigation by researchers at Check Point Harmony Email Security uncovered a clever new phishing scam targeting businesses worldwide. Over the last 14 days, it was found that cybercriminals have been abusing Google’s own automated systems to send out thousands of malicious emails that look 100% official.

How the Attack works

According to Check Point’s report, this newly discovered campaign uses a tool called Google Cloud Application Integration. This service is normally used by companies to set up workflow automation, like sending automatic alerts. However, scammers have found a way to use this feature to send emails directly from a legitimate Google address: [email protected].

Because the emails come from a real Google domain, they easily bypass traditional ...