BEC 3.0, the newest campaign that steals crypto credentials

August 4, 2023

Threat actors are running a new campaign, dubbed BEC 3.0, that could potentially harvest cryptocurrency credentials. According to reports, the operation starts with a malicious email that mimics the NO-REPLY@GOOGLE.COM address.

Researchers stated that the new phishing campaign spreads illegitimate URLs by abusing Google Docs. The primary goal of this campaign is to steal its targets' crypto credentials.

BEC 3.0 exploits Google Docs as its latest attack vector.

According to investigations, the BEC 3.0 operators have leveraged Google Docs as their latest attack vector to redirect targeted users to their credential-harvesting websites. In addition, the hackers exploited the same Google service to disseminate malicious URLs.

Researchers noticed that the threat actors utilised the legitimate services of Google Docs to send illegitimate messages or URLs. Some of these messages make use of the email, pages, and comment features in Google Docs, implying that threat actors are improving the nature of their Business Email Compromise operations.

BEC 3.0 operators utilised legitimate websites to make their attacks more efficient and straightforward. Additionally, they could apply such techniques to their phishing attempts so that these neither raise suspicion nor alert security solutions. In one instance, the threat actors sent a target a link that redirected them to a bogus crypto website.

Further research showed that the attack begins with the creation of a Google document, which is sent to the user by email from the spoofed NO-REPLY@GOOGLE.COM address. When the user clicks the link in the email, they are taken to a legitimate Google Docs page.

However, the link on that legitimate page leads to a mimicked OneDrive page, where a user could become a victim if they provide their credentials on the fake cryptocurrency page.
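Because the link in the email points at a genuine Google Docs page, the check that matters is on the links inside the shared document. The following triage sketch is an added example, not part of the original article: it flags document links whose visible text names a brand while the destination host lies outside that brand's domains. The `BRAND_DOMAINS` map, the function names and the sample HTML are assumptions constructed for illustration, and it assumes the document is available as HTML in which links may be wrapped in Google's `google.com/url?q=` redirect.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Assumption: defender-maintained map of brand keyword -> domains accepted for it.
BRAND_DOMAINS = {
    "onedrive": ("onedrive.live.com", "1drv.ms", "sharepoint.com", "microsoft.com"),
}

def unwrap(url):
    """Return the real destination of a google.com/url?q=... redirect link."""
    p = urlparse(url)
    if p.hostname in ("www.google.com", "google.com") and p.path == "/url":
        return parse_qs(p.query).get("q", [url])[0]
    return url

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from anchor tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def brand_mismatches(doc_html):
    """Flag links whose text names a brand but whose host is not one of its domains."""
    collector = LinkCollector()
    collector.feed(doc_html)
    findings = []
    for href, text in collector.links:
        host = (urlparse(unwrap(href)).hostname or "").lower()
        for brand, domains in BRAND_DOMAINS.items():
            trusted = any(host == d or host.endswith("." + d) for d in domains)
            if brand in text.lower() and not trusted:
                findings.append((text, host))
    return findings

# Constructed sample: one lookalike link behind a redirect, one genuine, one unbranded.
SAMPLE_DOC = (
    '<a href="https://www.google.com/url?q=https://onedrive.example.net/login&amp;sa=D">Open in OneDrive</a>'
    '<a href="https://1drv.ms/f/abc">OneDrive folder</a>'
    '<a href="https://docs.example.org/terms">Terms</a>'
)
```

Running `brand_mismatches(SAMPLE_DOC)` reports only the first link, whose OneDrive label resolves to a host outside the accepted list.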

Exploiting legitimate Google Docs services implies that threat actors constantly try to improve their cybercriminal tactics, especially in the new BEC 3.0 campaign, where the operators removed unnecessary features that could make their attack less efficient. Their attacks have become more straightforward since they only require user response or engagement to collect credentials that could lead to stolen funds.
