Organisations around the world face a very serious threat from credential phishing campaigns. As cloud technologies continue to grow, cyber threat actors explore better ways to harvest victims' company credentials and use them as a corporate foothold.
A new campaign uses Google Firebase storage URLs to gather the victims' details. Firebase Storage is backed by Google Cloud Storage and offers uploads and downloads of files for Firebase apps. The phishing emails have these URLs embedded in them.
Currently, the campaign seems to be low in volume, but it looks as though it will aim for specific industries. The main lures include payment invoices, email account upgrades, release of pending messages, account verification and password challenges, among others.
In one example, the scammers use the coronavirus pandemic and internet banking to draw in victims, getting them to click on a fake vendor payment form that takes them to a phishing page hosted on Firebase Storage.
Some variants of the scheme also include fake bank emails to customers. Google Firebase cloud storage hosts these fake bank pages, where scammers gather the customer or company details.
Credentials gathered through phishing are usually used as an initial step to launch more advanced attacks. This is another example of scammers taking advantage of cloud infrastructure for phishing attacks.
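
A mail-filter check for the pattern described above, added here as an example and not taken from the article or from any vendor's tooling: it pulls Firebase Storage links out of a raw message and pairs them with the lure themes the article lists. The host `firebasestorage.googleapis.com` and the `/v0/b/<bucket>/o/<object>` download-URL layout are not given in the article; the lure keywords, the flag rule and the sample message are assumptions constructed for illustration.

```python
import html
import re
from email import message_from_string
from urllib.parse import urlparse, unquote

FIREBASE_HOST = "firebasestorage.googleapis.com"  # Firebase Storage download host
# Keywords for the lure themes the article lists (the keyword choice is an assumption).
LURES = ("invoice", "payment", "upgrade", "pending message", "verify", "password")
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def firebase_object(url):
    """Return (bucket, object_path) for a Firebase Storage URL, else None."""
    try:
        parts = urlparse(url)
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return None
    if parts.hostname != FIREBASE_HOST:  # exact match: look-alike hosts do not pass
        return None
    m = re.fullmatch(r"/v0/b/([^/]+)/o/(.+)", parts.path)
    return (m.group(1), unquote(m.group(2))) if m else None

def scan_email(raw):
    """Collect Firebase Storage objects and lure keywords from one raw message."""
    msg = message_from_string(raw)
    text, urls = msg.get("Subject", ""), []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True).decode(
            part.get_content_charset() or "utf-8", "replace")
        if part.get_content_subtype() == "html":
            body = html.unescape(body)  # turn &amp; in hrefs back into &
        text += " " + body
        urls += URL_RE.findall(body)
    objects = sorted({obj for u in urls if (obj := firebase_object(u))})
    lures = [w for w in LURES if w in text.lower()]
    return {"objects": objects, "lures": lures, "flag": bool(objects and lures)}

# Constructed sample message: bucket name, token and wording are made up.
SAMPLE = (
    "Subject: Pending payment invoice\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<p>Please verify the form.</p><a href="https://firebasestorage.googleapis.com'
    '/v0/b/constructed-bucket.appspot.com/o/pay%2Fform.html?alt=media&amp;token=0">'
    "View invoice</a> <a href=\"https://www.example.com/help\">Help</a>\n"
)

if __name__ == "__main__":
    print(scan_email(SAMPLE))
```

Legitimate apps also serve files from Firebase Storage, so a hit is a signal to quarantine or review the message, and the extracted bucket name is the value to pivot on when searching other mailboxes.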