UPDATE: A **massive phishing campaign** impersonating **Google services** has just been uncovered, targeting approximately **3,200 businesses** in the United States and beyond. Cybersecurity experts from **Check Point** report that nearly **10,000 phishing emails** have been sent in the past two weeks, exploiting legitimate Google infrastructure to deceive victims.
The attacks leverage **Google Cloud Application Integration**, allowing scammers to send emails that appear to originate from **[email protected]**. This technique provides a false sense of security, as the emails mimic actual Google notifications, increasing the likelihood of victims clicking on malicious links.
Most affected sectors include **manufacturing (19.6%)**, **technology/SaaS (18.9%)**, and **finance/banking/insurance (14.8%)**. Notably, **48.6%** of the victims are located in the **United States**, highlighting the urgent risk to U.S. businesses.
The phishing emails often feature common lures, such as **pending voicemail notifications** or alerts about shared documents. Victims are redirected through a trusted Google Cloud service link, **storage.google.cloud.com**, which ultimately leads them to a **fake Microsoft login page** designed to harvest their credentials. The attackers even implement a fraudulent CAPTCHA to bypass security measures, making the scam more effective.
Google has confirmed that they are aware of the situation and stated, “several phishing campaigns” abusing their application integration tools have been blocked. They emphasize that this is an abuse of an automation tool, not a breach of their infrastructure. “Importantly, we have implemented protections to defend users against this specific attack,” a Google spokesperson stated. They encourage vigilance as malicious actors often spoof trusted brands.
As this situation unfolds, businesses are urged to remain cautious and verify the legitimacy of unexpected notifications. Cybersecurity experts recommend implementing robust security measures, including multi-factor authentication and regular employee training on identifying phishing attempts.
This phishing campaign is a stark reminder of the evolving tactics used by cybercriminals and the need for ongoing vigilance in the digital landscape. With **thousands** of businesses at risk, immediate action is essential to prevent further breaches.
Stay tuned for further updates as this story develops. Follow **TechRadar** for the latest news and expert analysis on cybersecurity threats.
