Cybersecurity researchers have found a new phishing scam. This scam uses Google Drawings and WhatsApp-generated short links to get around security and trick users into clicking bogus links that try to steal sensitive information.
Ashwin Vamshi, a researcher at Menlo Security, said that the attackers used well-known sites like Google and WhatsApp to host parts of the attack. They also used fake Amazon sites to gather victim information.
The attack starts with a phishing email. The email contains a link to a Google Drawings image that is dressed up as an Amazon account verification link. Hosting that first hop on Google Drawings helps the attackers avoid detection.
Using legitimate services gives attackers a cheap way to blend their activity into normal network traffic, because security systems rarely block these services.
Vamshi pointed out that Google Drawings suits attackers well: it lets them embed links inside images, and a user who is worried about a supposed Amazon account problem is unlikely to notice.
When users click the verification link, they end up on a fake Amazon login page. The link passes through two URL shorteners – WhatsApp’s “l.wl[.]co” and qrco[.]de – to obscure the final destination and throw off security scans.
The fake page harvests login details, personal information, and credit card data before redirecting victims to the real Amazon login page. To frustrate analysis, the bogus page blocks further access from the same IP address once it has validated the credentials.
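The click chain described above (Google Drawings link, shortener hops, lookalike Amazon landing page) is something a mail gateway or proxy can score once it has the sequence of redirects. The following is an added example, not Menlo Security's tooling; the sample chain, the placeholder landing domain and the short list of legitimate Amazon domains are constructed assumptions.

```python
"""Score an ordered click chain (email link -> redirects -> landing page)
for the traits reported in this campaign. Added example with constructed
sample data; the landing domain below is a placeholder, not a real indicator."""
from urllib.parse import urlparse

# Shorteners named in the report, plus Google Drawings as the first hop.
SHORTENER_HOSTS = {"l.wl.co", "qrco.de"}
DRAWINGS_HOST, DRAWINGS_PATH = "docs.google.com", "/drawings/"
# Assumption: a short allow-list of domains the impersonated brand really uses.
LEGIT_BRAND_DOMAINS = {"amazon.com", "amazon.co.uk", "amazon.de"}


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def is_brand_lookalike(host, brand="amazon", legit=LEGIT_BRAND_DOMAINS):
    """True when the host name drops the brand name but is not a real brand
    domain (catches both amazon-verify.example and amazon.com.evil.example)."""
    if brand not in host:
        return False
    return not any(host == d or host.endswith("." + d) for d in legit)


def analyse_chain(urls):
    """urls: hops in click order, from the email link to the final landing page."""
    findings = []
    first = urlparse(urls[0])
    if host_of(urls[0]) == DRAWINGS_HOST and first.path.startswith(DRAWINGS_PATH):
        findings.append("first hop is a Google Drawings image")
    # Intermediate hops only: the first and last URLs are not shorteners here.
    shorteners = [h for h in (host_of(u) for u in urls[1:-1]) if h in SHORTENER_HOSTS]
    if shorteners:
        findings.append("redirect via shortener(s): " + ", ".join(shorteners))
    landing = host_of(urls[-1])
    if is_brand_lookalike(landing):
        findings.append("landing host imitates amazon: " + landing)
    # Two or more traits together is enough to quarantine for review.
    return {"findings": findings, "score": len(findings), "suspicious": len(findings) >= 2}


# Constructed sample chain; EXAMPLE ids and the .example domain are placeholders.
SAMPLE_CHAIN = [
    "https://docs.google.com/drawings/d/EXAMPLE-ID/preview",
    "https://l.wl.co/l?u=EXAMPLE",
    "https://qrco.de/EXAMPLE",
    "https://amazon-account-verify.example/ap/signin",
]

if __name__ == "__main__":
    print(analyse_chain(SAMPLE_CHAIN))
```

A direct link to the genuine login page produces no findings, so the rule does not fire on ordinary Amazon mail.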
In other news, experts have found a weak spot in Microsoft 365’s anti-phishing tools. Bad actors could use this flaw to make users more likely to open phishing emails.
The trick uses CSS to hide the “First Contact Safety Tip,” which alerts users about emails from unknown senders. Microsoft knows about the problem but hasn’t fixed it yet.
Austrian cybersecurity company Certitude explained that the safety tip is prepended to the email’s HTML body, which leaves its display open to manipulation by CSS styling in the message itself. The company also said the same method could even fake the encryption and signature icons that Microsoft Outlook adds to emails.