Skip to content
  • PC & Mobile
    • Windows
    • Mac
    • Linux
    • Mobile
    • Android
    • iOS
    • Chrome OS
  • Hardware
    • PC Hardware
    • Product Review
    • Smart Home
  • Lifestyle
    • Internet
    • Gaming
    • Productivity
    • How Things Work
    • Glossary
    • News
  • Cheatsheets
  • Deals

Dark mode:

Home > News

New Phishing Attack Exposed Login Credentials Through Google Search

Laura Tucker
Laura Tucker
Jan 22, 2021
Phishing Attack Google Featured

With each day, month, and year that passes, it’s clear that cyberattacks are just not going away. Any business, person, or industry can be attacked at any given time. The latest is a phishing scam that attacked major industries, such as construction, and exposed login credentials through Google search.

Phishing Scam Exposed Through Google

Check Point Research alerted the world through a blog post that stolen login credentials from major industries were released on compromised WordPress domains. It was then discovered in the most public forum possible: Google search.

It all started with emails that included employee names or titles in the subject line of fraudulent emails. The employees were from industries that include construction, IT, health care, real estate, and manufacturing. These emails mimicked Xerox/Xeros notifications that originated from a Linux server and were hosted on Microsoft Azure. Spam was sent as well through email accounts that had earlier been compromised, lending the messages legitimacy.

Phishing Scam Google Search

HTML files containing embedded JavaScript code were attached to the emails. These had just one goal: undercover background checks of passwords. When the input of login credentials was detected, they were harvested, with users being directed to login pages.

“While this infection chain may sound simple, it successfully bypassed Microsoft Office 365 Advanced Threat Protection (ATP) filtering and stole over a thousand corporate employees’ credentials,” according to Check Point.

The hijacked websites included in this cyberattack were built on the WordPress CMS. Check Point explained that these domains were used as “drop-zone servers” to process the stolen login credentials.

After the login credentials were sent to the drop-zone servers, it was saved in files that were then indexed by Google, making them public. They were available to anyone through a search on Google. But the servers were only used for around two months, linked to .XYZ domains.

Phishing Scam Google Login

“Attackers usually prefer to use compromised servers instead of their own infrastructure because of the existing websites’ well-known reputations,” explained Check Point. “The more widely recognized a reputation is, the chances are higher that the email will not be blocked by security vendors.”

A Warning for the Future

Evidence that was discovered shows that this particular phishing scam may have been around for some time. An email from last August was compared with the recently discovered scam, and they had the same JavaScript encoding.

It all just shows that we just can’t let our guard down. Major industries and any individual or business can be affected, and it can involve such tech giants as Google and WordPress. Nothing is ever safe when it comes to the Internet. Always be aware and take care of your information.

Read on to learn how the work-from-home trend has led to an increase in cyberattacks and fake collaboration apps.

Is this article useful?
Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox

  • Facebook
  • Tweet

Popular Posts

How to Install macOS in VirtualBox

How to Fix 'No SIM Card Detected' Error on Android and iPhone

How to Convert Legacy BIOS to UEFI in Windows

How to Copy and Paste Text, Files and Folders in Linux Terminal

How to Access an Android Phone With a Broken Screen

How to Bypass Paywalls of Leading News Websites

How to Fix Mobile Data Not Working on Android

6 Ways to Easily Send Text Messages (SMS) from Your PC

7 Useful Cron Alternatives For Linux

How to Fix Ubuntu Can't Open the Terminal Issue

Affiliate Disclosure: Make Tech Easier may earn commission on products purchased through our links, which supports the work we do for our readers.

Read Next

iOS 16 CarPlay to Allow Paying for Gas from Dashboard
FCC Urges Apple and Google to Ban TikTok as Security Threat
Valorant Players: Riot Games Will Be Listening to Your Chats
Samsung to Pay $14M for Galaxy Water Resistant Claims
Amazon to Add Creepy Alexa Feature to Mimic Any Voice
Amazon Chooses 1st Location for Drone Delivery Service
Snapchat Plus Is Paid Subscription to Cover Revenue Loss
Microsoft Office Update Remedies Chinese Hack Vulnerability

© 2022 Uqnic Network Pte Ltd.
All rights reserved.

  • About
  • Contact
  • Advertise
  • Write For Us
  • Terms of Use
  • Privacy Policy
  • RSS Feed Terms
Do not share my Personal Information.