Phishing via Google Looker Studio Uncovered By Check Point

Over 10 million people use the Google Looker family of products – but unfortunately they are increasingly being used for illicit purposes. New research from Check Point found that cyber criminals are using Google Looker Studio, Google Docs and Google Slide for advanced phishing attacks. 

Here’s how it works

  1. Cybercriminal creates a Google Looker Studio page 
  2. Cybercriminal uses Google to send a real notification to the targeted victim, asking them to review or comment. Since the notification comes from the legitimate Google account, it’s not caught by security filters
  3. Victim clicks through to look at the page, which looks legitimate
  4. Embedded within the Google Looker page is a link that redirects the victim to an external page designed to steal their login credentials and crypto-related information

According to Jeremy Fuchs, Cybersecurity Researcher at Check Point Software Technologies:

“Cyber criminals are taking advantage of Google’s business tools to help them steal login credentials and crypto accounts. Recently we’ve seen a dramatic rise in the use of Google Looker Studio for phishing attempts. This is concerning because it is difficult to detect for both security services and end users.”

You can read this attack brief here.

Leave a Reply

%d bloggers like this: