Scam warning: Millions targeted as Google, Microsoft exploited

·2-min read
Microsoft Outlook and Google Gmail icons in corner bubbles with a concerned woman looking at a laptop.
Millions targeted in scams using popular platforms like Google and Microsoft (Source: Getty)

As organisations all around the world have adopted cloud collaboration tools, like Office 365 and OneDrive, cyber attackers have also followed the trend.

Last year, 59.8 million malicious scam messages were sent from Microsoft Office 365 and more than 90 million were sent or hosted by Google, according to Proofpoint.

In the months from January to March this year alone, that number has already reached seven million malicious messages from Microsoft and 45 million from Google infrastructure.

“The malicious message volume from these trusted cloud services exceeded that of any botnet in 2020, and the trusted reputation of these domains, including outlook.com and sharepoint.com, increases the difficulty of detection for defenders,” Proofpoint said.

Proofpoint said the authenticity of platforms like Microsoft and Google make these scams more believable.

Recently, email regained its status as the number one way for cyber criminals to spread ransomware to compromise accounts, steal information and siphon money.

  • Also watch: How hackers use COVID-19 trends to push phishing scams

What to watch out for

The below phishing attempt features a Microsoft SharePoint URL claiming to host a corporate policy and COVID-19 guidelines document.

The document contains a link leading to a fake Microsoft authentication page designed collect your personal data.

According to Proofpoint, this specific campaign involved around 5,000 messages targeting users in transportation, manufacturing, and business services.

Screenshot of a scam email sent from Microsoft platform
This scam email includes a malicious link (Source: Provided)

In March this year there was a Gmail-hosted scam campaign with a fake employee benefits message and Microsoft Excel attachment targeting manufacturing, technology, and media/entertainment organisations.

If macros are enabled, the scam will install and run ‘The Trick’, a trojan that intercepts and logs banking website visits to steal credentials.

Screenshot of a scam containing fake documents hosted on a Google platform
This scam included a scam attachment designed to install ransomware on the users computer (Source: Provided)

In February 2021, Proofpoint also saw 'aXorist' ransomware campaign from a Gmail-hosted email address.

The scam attempts to trick accounting users into accessing password-protected zipped MS Word documents. These documents contain macros which, if enabled, drop the ransomware.

Screenshot of a scam email hosted by Microsoft targeting those who work in accounting.
This scam targets those who work in accounting (Source: Provided)

Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint said: “Our research clearly demonstrates that attackers are using both Microsoft and Google infrastructure to disseminate malicious messages and target people as they leverage popular cloud collaboration tools." 

"When coupled with heightened ransomware, supply chain, and cloud account compromise, advanced people-centric email protection must remain a top priority for security leaders.”

This content is not available due to your privacy preferences.
Update your settings here to see it.
Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting