Carding
Professional
- Messages
- 2,870
- Reaction score
- 2,511
- Points
- 113
This is what happens when an analytics tool becomes a tool for fraudsters.
Researchers at Check Point discovered that they have started using Google Looker Studio, an online data conversion tool, to create phishing pages aimed at stealing cryptocurrencies.
Google Looker Studio (formerly known as Google Data Studio) is a tool for converting data from tables and other sources into customizable, informative reports and dashboards. The service also allows you to build graphs and charts based on data.
Hackers embed the URLs of phishing pages in emails that bypass email security systems due to Looker Studio's good reputation. The emails, allegedly sent on behalf of Google, notify the recipient that they won about 0.75 BTC (about $19,200) as part of participating in the company's premium cryptocurrency program.
By clicking on the URL, victims are taken to phishing pages that contain a Google slideshow with the promise of winning in cryptocurrency, but already in the amount of 1.35 BTC ($34,700). Visitors are asked to enter their crypto wallet details to receive funds, and a timer on the site adds urgency, making the process more convincing and making it harder to recognize signs of fraud. Any Google credentials entered on this page are stolen by cybercriminals and can then be used to hack into other victims accounts, as well as to steal funds from crypto exchanges.
www.youtube.com
Check Point notified Google of the situation on August 22, 2023, but it is still unclear whether the corporation has taken any measures to block the campaign and prevent similar threats in the future. In turn, Google said that users can report malicious content and phishing pages to Google Looker Studio using a special service for reporting. Google also recommended visiting the Google Security Center to get tips and tools on cybersecurity.
The event is a reminder of how important it is to be on your guard and double-check all messages and offers related to finance and cryptocurrencies, even if they come from trusted sources.
Researchers at Check Point discovered that they have started using Google Looker Studio, an online data conversion tool, to create phishing pages aimed at stealing cryptocurrencies.
Google Looker Studio (formerly known as Google Data Studio) is a tool for converting data from tables and other sources into customizable, informative reports and dashboards. The service also allows you to build graphs and charts based on data.
Hackers embed the URLs of phishing pages in emails that bypass email security systems due to Looker Studio's good reputation. The emails, allegedly sent on behalf of Google, notify the recipient that they won about 0.75 BTC (about $19,200) as part of participating in the company's premium cryptocurrency program.
By clicking on the URL, victims are taken to phishing pages that contain a Google slideshow with the promise of winning in cryptocurrency, but already in the amount of 1.35 BTC ($34,700). Visitors are asked to enter their crypto wallet details to receive funds, and a timer on the site adds urgency, making the process more convincing and making it harder to recognize signs of fraud. Any Google credentials entered on this page are stolen by cybercriminals and can then be used to hack into other victims accounts, as well as to steal funds from crypto exchanges.
How Hackers Are Using Google Looker Studio for Social Engineering and Credential Harvesting
Hackers are using social engineering with a Google domain, designed to elicit a user response and hand over credentials to crypto sites.Learn how the attack ...
www.youtube.com
Check Point notified Google of the situation on August 22, 2023, but it is still unclear whether the corporation has taken any measures to block the campaign and prevent similar threats in the future. In turn, Google said that users can report malicious content and phishing pages to Google Looker Studio using a special service for reporting. Google also recommended visiting the Google Security Center to get tips and tools on cybersecurity.
The event is a reminder of how important it is to be on your guard and double-check all messages and offers related to finance and cryptocurrencies, even if they come from trusted sources.
