New Phishing Attack Exposed Login Credentials Through Google Search

Phishing Attack Google Featured

With each day, month, and year that passes, it’s clear that cyberattacks are just not going away. Any business, person, or industry can be attacked at any given time. The latest is a phishing scam that attacked major industries, such as construction, and exposed login credentials through Google search.

Phishing Scam Exposed Through Google

Check Point Research alerted the world through a blog post that stolen login credentials from major industries were released on compromised WordPress domains. It was then discovered in the most public forum possible: Google search.

It all started with emails that included employee names or titles in the subject line of fraudulent emails. The employees were from industries that include construction, IT, health care, real estate, and manufacturing. These emails mimicked Xerox/Xeros notifications that originated from a Linux server and were hosted on Microsoft Azure. Spam was sent as well through email accounts that had earlier been compromised, lending the messages legitimacy.

Phishing Scam Google Search

HTML files containing embedded JavaScript code were attached to the emails. These had just one goal: undercover background checks of passwords. When the input of login credentials was detected, they were harvested, with users being directed to login pages.

“While this infection chain may sound simple, it successfully bypassed Microsoft Office 365 Advanced Threat Protection (ATP) filtering and stole over a thousand corporate employees’ credentials,” according to Check Point.

The hijacked websites included in this cyberattack were built on the WordPress CMS. Check Point explained that these domains were used as “drop-zone servers” to process the stolen login credentials.

After the login credentials were sent to the drop-zone servers, it was saved in files that were then indexed by Google, making them public. They were available to anyone through a search on Google. But the servers were only used for around two months, linked to .XYZ domains.

Phishing Scam Google Login

“Attackers usually prefer to use compromised servers instead of their own infrastructure because of the existing websites’ well-known reputations,” explained Check Point. “The more widely recognized a reputation is, the chances are higher that the email will not be blocked by security vendors.”

A Warning for the Future

Evidence that was discovered shows that this particular phishing scam may have been around for some time. An email from last August was compared with the recently discovered scam, and they had the same JavaScript encoding.

It all just shows that we just can’t let our guard down. Major industries and any individual or business can be affected, and it can involve such tech giants as Google and WordPress. Nothing is ever safe when it comes to the Internet. Always be aware and take care of your information.

Read on to learn how the work-from-home trend has led to an increase in cyberattacks and fake collaboration apps.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox

Laura Tucker Avatar

Read next

Octopuses possess roughly 500 million neurons distributed across their body, with two-thirds located in their arms rather than their central brain, meaning each arm can taste, problem-solve, and react to stimuli independently of whatever the octopus is otherwise paying attention to.
The Roman aqueduct at Segovia, built around the first century AD without mortar, still carried water into the 1970s, its 167 granite arches held together by nothing but the precise weight distribution of stones cut to fit each other within fractions of a millimeter.
When the SS Great Eastern laid the first working transatlantic telegraph cable in 1866, a message that had taken ten days by steamship suddenly crossed the ocean in minutes, and the financial markets of London and New York were forced, within a single trading week, to invent the modern concept of synchronised global price.
The Big Ear telescope was scanning at 1420.4056 megahertz on the night of 15 August 1977, the exact frequency at which hydrogen atoms vibrate across the universe, because Giuseppe Cocconi and Philip Morrison had argued years earlier that any species trying to be found would broadcast on that channel — and then, for 72 seconds, something did.
In 2016, archaeologists dated two rings of snapped stalagmites in France’s Bruniquel Cave to 176,500 years ago, evidence that Neanderthals had walked 336 metres into darkness with fire and built architecture deep underground long before modern humans reached Europe
Otto von Bismarck was 74 when Germany adopted the world’s first national old-age social insurance program in 1889, setting the pension age at 70 after years of fighting socialists with bans, laws, and a promise few workers would live long enough to use
When cosmonaut Valeri Polyakov stepped out of his Soyuz capsule in March 1995 after 437 consecutive days aboard Mir, doctors recorded him at several centimetres above his pre-flight height, and his spine had become so unaccustomed to gravity that the recovery team carried him to a chair rather than risk the compression of letting him walk.
When Bell Labs engineer Karl Jansky pointed a rotating antenna at the sky in 1932 looking for sources of transatlantic radio static, he kept picking up a faint hiss that peaked every 23 hours and 56 minutes, and he eventually realized he had become the first human to hear the center of the Milky Way.