Google Apps Script Exploited in Sophisticated Phishing Strategies
Another phishing campaign has been observed leveraging Google Apps Script to deliver deceptive content designed to extract Microsoft 365 login credentials from unsuspecting users. This method uses a trusted Google platform to lend credibility to malicious links, thereby increasing the likelihood of user interaction and credential theft.
Google Apps Script is a cloud-based scripting language developed by Google that allows users to extend and automate the functionality of Google Workspace applications such as Gmail, Sheets, Docs, and Drive. Built on JavaScript, this tool is commonly used for automating repetitive tasks, creating workflow solutions, and integrating with external APIs.
In this particular phishing operation, attackers create a fraudulent invoice document hosted through Google Apps Script. The phishing process typically begins with a spoofed email appearing to notify the recipient of a pending invoice. These emails contain a hyperlink, ostensibly leading to the invoice, which uses the “script.google.com” domain. This is an official Google domain used for Apps Script, which can deceive recipients into believing that the link is safe and comes from a trusted source.
The embedded link directs users to a landing page, which may include a message stating that a file is available for download, along with a button labeled “Preview.” Upon clicking this button, the user is redirected to a forged Microsoft 365 login interface. This spoofed page is designed to closely replicate the legitimate Microsoft 365 login screen, including layout, branding, and user interface elements.
Victims who do not recognize the forgery and proceed to enter their login credentials inadvertently transmit that information directly to the attackers. Once the credentials are captured, the phishing page redirects the user to the legitimate Microsoft 365 login page, creating the illusion that nothing unusual has occurred and reducing the chance that the user will suspect foul play.
This redirection technique serves two main purposes. First, it completes the illusion that the login attempt was routine, reducing the likelihood that the victim will report the incident or change their password promptly. Second, it hides the malicious intent of the earlier interaction, making it harder for security analysts to trace the event without in-depth investigation.
The abuse of trusted domains such as “script.google.com” presents a significant challenge for detection and prevention mechanisms. Emails containing links to reputable domains often bypass basic email filters, and users are more inclined to trust links that appear to come from platforms like Google. This type of phishing campaign demonstrates how attackers can manipulate well-known services to bypass conventional security safeguards.
The technical foundation of this attack relies on Google Apps Script’s web app capabilities, which allow developers to create and publish web applications accessible via the script.google.com URL structure. These scripts can be configured to serve HTML content, handle form submissions, or redirect users to other URLs, making them suitable for malicious exploitation when misused.
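Because a domain-reputation check passes anything on script.google.com, a mail filter has to look at the path and the message context instead. The following triage check is an added example, not part of the original article: the `/macros/s/<id>/exec` path shape is the usual Apps Script web app URL form rather than something the article states, and the lure keywords, verdict names and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

APPS_SCRIPT_HOST = "script.google.com"
# Published web apps use /macros/s/<deployment id>/exec (or /dev for test deployments).
WEBAPP_PATH = re.compile(r"^/macros/s/[A-Za-z0-9_-]+/(exec|dev)$")
# Assumed lure vocabulary, taken from the invoice theme the article describes.
LURE_WORDS = re.compile(r"\b(invoice|payment|overdue|preview)\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)


def apps_script_links(body):
    """Return web-app URLs in body whose host is exactly script.google.com."""
    hits = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,);]")  # drop trailing sentence punctuation
        parts = urlsplit(url)
        # Compare the parsed hostname, not a substring, so look-alike hosts
        # such as script.google.com.example.net are not treated as Google.
        if (parts.hostname or "").lower() != APPS_SCRIPT_HOST:
            continue
        if WEBAPP_PATH.match(parts.path):
            hits.append(url)
    return hits


def triage(message):
    """Classify one message dict with 'subject' and 'body' keys."""
    links = apps_script_links(message["body"])
    if not links:
        return {"verdict": "pass", "links": []}
    lure = bool(LURE_WORDS.search(message["subject"] + " " + message["body"]))
    # A web-app link plus invoice wording matches the campaign pattern;
    # a web-app link alone is unusual in mail but may be a legitimate tool.
    return {"verdict": "quarantine" if lure else "review", "links": links}


# Constructed sample messages; the deployment IDs are placeholders.
SAMPLES = [
    {"subject": "Invoice pending", "body": "View the invoice: https://script.google.com/macros/s/AKfycbPLACEHOLDER0001/exec."},
    {"subject": "Team notes", "body": "Tool link https://script.google.com/macros/s/AKfycbPLACEHOLDER0002/exec"},
    {"subject": "Invoice", "body": "See https://script.google.com.example.net/macros/s/AKfycbPLACEHOLDER0003/exec"},
    {"subject": "Docs", "body": "Guide: https://developers.google.com/apps-script"},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m["subject"], "->", triage(m))
```

The third sample passes this rule only because its host is not Google's; a separate look-alike-domain rule would be expected to catch it.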