New BEC 3.0 Attack Utilizes Google Workspace to Send Malicious Crypto Links

Last week, researchers at Avanan, a Check Point Software company, wrote about BEC 2.0, a variant of BEC attacks that remains a significant problem for security services and companies. This week, Avanan discusses BEC 3.0, a variant of these scams that uses legitimate services to launch an attack.

Avanan’s latest research discusses how hackers are using Google’s services, through comments on Google Workspace documents, to redirect users to a fake cryptocurrency site. This attack, still ongoing, has targeted nearly 1,000 companies in the last two weeks.

In this attack, hackers use the comments feature in Google Workspace (e.g., Google Sheets or Google Docs) to send out legitimate Google emails. These emails, however, contain malicious redirects that use a legitimate Google Scripts URL; Google Scripts is a coding platform hosted by Google. Clicking on the provided link redirects users to a fake cryptocurrency page.
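A defender-side triage check for the pattern described above, as an added example that is not from Avanan's research: because the notification is a genuine Google email, sender authentication passes, so the check looks at where the links point instead. The host `script.google.com`, the sample message and the names `triage` and `body_text` are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

SCRIPT_HOST = "script.google.com"  # assumption: host serving Google Scripts links
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample of a comment notification; addresses and IDs are made up.
SAMPLE = """\
From: "Example User (Google Sheets)" <comments-noreply@docs.google.com>
To: recipient@example.com
Subject: Example User mentioned you in a comment
Authentication-Results: mx.example.com; spf=pass; dkim=pass header.d=docs.google.com
Content-Type: text/plain

Example User mentioned you in a comment on Untitled spreadsheet.
Claim here: https://script.google.com/macros/s/PLACEHOLDER_ID/exec
Open: https://docs.google.com/spreadsheets/d/PLACEHOLDER_DOC/edit
"""

def body_text(msg):
    """Concatenate every text part, decoding any transfer encoding."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            parts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def triage(raw):
    """Flag Google-sent mail whose body links to a Google Scripts URL."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    from_google = domain == "google.com" or domain.endswith(".google.com")
    auth = msg.get("Authentication-Results", "").lower()
    # Passing SPF/DKIM only proves Google sent it, not that the content is safe.
    authenticated = "spf=pass" in auth and "dkim=pass" in auth
    links = [u for u in URL_RE.findall(body_text(msg))
             if (urlparse(u).hostname or "").lower() == SCRIPT_HOST]
    return {"from_google": from_google, "authenticated": authenticated,
            "script_links": links, "flag": from_google and bool(links)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A flagged message is a candidate for review or link rewriting, not proof of abuse, since legitimate comments can also link to Google Scripts.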

You can read the follow-up research here.
