Behind the Script: Unmasking Phishing Attacks Using Google Apps Script

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY:

A sophisticated phishing campaign has been identified that leverages Google Apps Script to create a false sense of security. The attack begins with an email masquerading as an invoice, containing a link to a webpage hosted on Google's trusted environment. When clicked, the link redirects to a fake invoice page, followed by a fraudulent login window designed to capture credentials. The use of Google's domain (script.google.com) adds credibility to the scam, making it more likely for users to fall victim. Once credentials are entered, they are transmitted to the attacker, and the user is redirected to a legitimate Microsoft login page to avoid suspicion. This technique demonstrates how threat actors are exploiting trusted platforms to make their attacks more convincing and effective.
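A mail-triage check for the pattern described in the summary, written as an added example that is not part of the original report: it flags a message that pairs an invoice-style lure with a link to a web app on script.google.com. The `/macros/s/<id>/exec` path shape, the lure word list, and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumption: Apps Script web apps are served as /macros/s/<deployment id>/exec (or /dev).
APPS_SCRIPT_HOST = "script.google.com"
WEBAPP_PATH = re.compile(r"^/macros/s/[\w-]+/(?:exec|dev)$")
# Assumption: lure words chosen for illustration, not taken from the report.
LURE_WORDS = ("invoice", "payment", "remittance")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def body_text(msg) -> str:
    """Concatenate every text/* part (plain and HTML) of the message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def apps_script_links(text: str) -> list[str]:
    """Return URLs whose exact host and path match an Apps Script web app."""
    hits = []
    for url in URL_RE.findall(text):
        parts = urlsplit(url.rstrip(".,)"))
        # Exact host comparison, so look-alike hosts that merely start with
        # "script.google.com." are not treated as the trusted domain.
        if (parts.hostname or "").lower() == APPS_SCRIPT_HOST and WEBAPP_PATH.match(parts.path):
            hits.append(parts.geturl())
    return hits

def triage(raw_email: str) -> dict:
    """Flag mail that pairs an invoice-style lure with an Apps Script link."""
    msg = message_from_string(raw_email)
    text = body_text(msg)
    links = apps_script_links(text)
    haystack = (msg.get("Subject", "") + " " + text).lower()
    lure = any(word in haystack for word in LURE_WORDS)
    return {"links": links, "lure": lure, "suspicious": bool(links) and lure}

# Constructed sample message; the deployment ID is a placeholder.
SAMPLE = """From: billing@example.com
To: user@example.org
Subject: Invoice 1042 due
Content-Type: text/html; charset=utf-8

<p>Please review: <a href="https://script.google.com/macros/s/AKfycbPLACEHOLDER/exec">View invoice</a></p>
"""
```

A hit is a reason to route the message for review, not a verdict, because legitimate Apps Script web apps use the same host and path.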

OPENCTI LABELS:

phishing, social engineering, credential theft, email spoofing, google apps script, invoice scam, microsoft login


Open in the NetmanageIT OpenCTI public instance with the link below.

NOTE: Use the public read-only username and password shown on the login page banner.


Behind the Script: Unmasking Phishing Attacks Using Google Apps Script