Cybersecurity firm Check Point has raised an alarm about a new and insidious phishing campaign exploiting Google Looker Studio. This campaign aims to deceive users into divulging their credentials and potentially losing funds.
Furthermore, the attackers leverage Google Looker Studio, a legitimate tool for creating customizable reports, to generate fraudulent crypto-related pages. These deceptive pages are then sent to victims in emails that appear to originate from the authentic tool itself.
The phishing message contains a link to a counterfeit report, promising recipients lucrative investment strategies. When victims click the link, they are redirected to a genuine Google Looker page hosting a slideshow that purports to offer instructions for acquiring more cryptocurrency.
Subsequently, victims are directed to a login page that warns of immediate account loss unless they log in, but it’s designed to harvest their login details.
Notably, Check Point’s analysis revealed that the attack successfully evades email authentication checks due to the sender’s IP address being listed as authorized for a google.com subdomain.
Despite these email security checks failing, Check Point emphasizes the importance of user vigilance as a crucial defense. The phishing campaign has been active for several weeks, and Google was notified of the attacks on August 22, according to Check Point.