Many existing security measures do not properly analyze attack language. If the recipient does not recognize the suspicious URL, they are more likely to fall victim to this attack after seeing the familiar and trusted Google landing page. The email seems convincing because the link in the body of the email leads the recipient to a landing page that looks nearly identical to the Google account sign-in page. Why the Google Impersonation Attack was Effective If the recipient falls victim, the attackers would have access to the victim’s account and other sensitive information. The recipient is expected to enter their email credentials on a legitimate-looking sign-in page. The "Decline request" link leads to a fraudulent Google page where the user can either acknowledge or decline the request.Īfter the recipient makes their choice and clicks the Next button, they are redirected to an impersonated Outlook sign-in page-an interesting tactic given that this email was sent to Google users. If the recipient does not want the account to be merged, they are instructed to click the provided link to decline the request. There is a warning that the request will automatically be processed within twenty-four hours. The attackers pose as an automatic email merger notification, stating that a request was made to merge the recipient’s email with a specified Gmail account. This attack in particular uses this method by mimicking an automated Gmail message, claiming that a request was made to add an email to the recipient's account. It is not uncommon to receive a notification from Gmail regarding a range of different account activities. In this account, threat actors sent an urgent account message to trick recipients into inputting their Google credentials, hoping to trick unsuspecting users and gain access to entire Google Workspace accounts.
When attempting to gain credentials to a Google account, the best brand to impersonate is likely Google.
0 kommentar(er)
