On March 2, 2023, Google’s Threat Analysis Group (TAG) released an advisory on a highly targeted phishing campaign. The attackers use fake Google News articles to lure targets to a phishing site that steals their Google credentials. This campaign is particularly dangerous as it bypasses detection by most security software..
**Campaign Overview**.
The campaign starts with a phishing email containing a link to a fake Google News article. The article may appear to be from a legitimate news source, but it contains malicious code that redirects the victim to a phishing site. The phishing site is designed to look like the real Google login page, but it is actually controlled by the attackers..
Once the victim enters their Google credentials on the phishing site, the attackers can use them to access the victim’s Google account. This gives the attackers access to the victim’s emails, contacts, and other personal information..
**How the Campaign Avoids Detection**.
The campaign is able to avoid detection by most security software because it does not use any malicious attachments or links. Instead, the malicious code is embedded in the HTML of the fake Google News article. This makes it difficult for security software to detect and block the campaign..
**Targeted Victims**.
The campaign is believed to be targeting high-value individuals, such as business executives, government officials, and journalists. The attackers are likely using the information they steal from these victims to conduct further attacks, such as financial fraud or espionage..
**What to Do**.
If you receive an email containing a link to a Google News article, be cautious. Do not click on the link unless you are sure the article is legitimate. If you are unsure, hover over the link to see the real URL. If the URL does not match the one in the email, do not click on it..
If you accidentally clicked on the link and entered your Google credentials, change your password immediately. You should also report the phishing email to Google..
**Google’s Response**.
Google is aware of the campaign and is taking steps to protect its users. The company has updated its security systems to detect and block the phishing site. Google is also working with law enforcement to identify and arrest the attackers..
**Conclusion**.
The Google phishing campaign is a serious threat to users’ online security. The campaign is able to bypass detection by most security software, and it is targeting high-value individuals. Users should be aware of this campaign and take steps to protect themselves from it..
