15 August 19, 15:05
Quote:A highly targeted phishing campaign was recently observed while bypassing a Microsoft email gateway using documents shared via the Google Drive service to target the staff of a company from the energy industry.
Google Drive is a file storage and synchronization service created by Google that enables its users to store files in the cloud and effortlessly synchronize them between devices and platforms. The documents used to link to the phishing landing page were delivered using Google Docs, Google's online word processor.
The phishing messages spotted by Cofense security researchers impersonated the CEO of the company and tried tricking the employees to open an "important message" shared via Google Docs, Google's online word processor.
"The email is legitimately sent by Google Drive to employees and appears to be shared on behalf of the CEO by an email address that does not fit the email naming convention of the targeted company," found Cofense.
Read more below:
https://www.bleepingcomputer.com/news/se...-gateways/
https://cofense.com/phishing-campaigns-i...gy-sector/