Phishing attacks are nothing new, but a recent campaign has taken this tactic to a disturbing new level by exploiting trusted platforms like Google Drawings and WhatsApp. This innovative approach, targeting Amazon accounts, is both clever and alarming.
Reported by Menlo Security, the attack begins with a seemingly innocent phishing email, directing the recipient to a graphic that mimics an Amazon account verification link. The twist? The image is hosted on Google Drawings, a service widely trusted and rarely flagged by security systems.
“Open Redirect campaigns, like EvilProxy and Browser in the Browser, have been around for years,” explained a security expert. “These attacks involve sending users to what appears to be a trusted website, only to redirect them to a site controlled by attackers. In this case, the attackers used well-known platforms like Google and WhatsApp to host their malicious elements, with a fake Amazon page designed to steal victims' information. This is a prime example of a Living Off Trusted Sites (LOTS) threat.”
The image's placement on Google Drawings makes it more likely to evade detection. Once users click the link, they're led to a fake Amazon login page. The attackers further obscure their intentions by using two URL shorteners—WhatsApp’s unofficial link “l.wl[.]co” and “qrco[.]de.” This multi-layered approach not only tricks the victim but also helps bypass traditional security filters.
After the victim enters their credentials, personal information, and credit card details, they’re redirected to the legitimate Amazon login page. To cover their tracks, the attackers make the malicious page inaccessible from the same IP address, leaving victims unaware of the breach.
This attack underscores a growing trend in cybercrime: the exploitation of trusted services to carry out malicious activities. By weaponizing platforms like Google Drawings and WhatsApp’s link shorteners, attackers are not only reducing their costs but also presenting significant challenges for security teams.
As these threats evolve, staying vigilant is more important than ever. Even the most trusted platforms can be turned against us, highlighting the need for ongoing awareness and robust security measures.