Phishing Scams Just Got Sneakier
We’ve all seen phishing emails before: poorly written messages pretending to be from a bank or a shipping company. But hackers are stepping up their game. A new report from cybersecurity firm Cofense reveals that scammers are now abusing Google Apps Script, a legitimate Google service that lets anyone with a Google account write a script and publish it as a web app, to host fake invoice pages that steal login credentials.
The scary part? Because these phishing pages are served from Google’s own domain (script.google.com), many security tools and even cautious users let their guard down. An Apps Script web app is code written and deployed by whoever owns the Google account, so a script.google.com address tells you nothing about who built the page you are looking at.
How the Scam Unfolds
Step 1: The Bait—A Clean, Professional Email
The attack starts with an email that looks like it’s from a healthcare provider or medical equipment supplier. The message is short and to the point:
“Your invoice is attached. Click here to view.”
No spelling mistakes, no weird formatting, just a simple, urgent request. That’s intentional: the attackers keep it clean to slip past spam filters and make the email seem legitimate.
Step 2: The Trap—A Google-Hosted Fake Invoice
Clicking the link takes you to what looks like a Google-hosted document viewer. It’s a well-designed page with a “Preview” button, making it seem like you’re about to open an invoice or fax.
At this point, most people don’t suspect anything. After all, the URL says script.google.com, and Google is trustworthy, right?
Step 3: The Payoff—A Fake Microsoft Login
When you click “Preview,” you’re redirected to a fake Microsoft login page. It looks identical to the real thing, complete with Microsoft’s branding and security warnings.
If you enter your email and password? Game over.
Step 4: The Cover-Up—Silent Theft
After stealing your credentials, the attackers don’t stop there. To keep you from realizing you’ve been phished, they redirect you to the real Microsoft login page, so the whole thing looks like a normal sign-in that simply asked for your password twice.
By the time you log in normally, the attackers already have your credentials—and possibly access to your email, work accounts, or sensitive data.
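The four steps above leave a recognisable trail in a web proxy or secure web gateway log: a visit to a script.google.com web app, then a credential POST to a host that is not Microsoft’s sign-in service, then a GET to the real login.microsoftonline.com moments later. The following Python script is an added example written for this article (it is not code from Cofense or CyberAwareHub) that replays a constructed proxy log and flags users whose traffic matches that chain. The log format, the ten-minute window and the user names are assumptions for the demonstration.

```python
"""Added example: spot the Apps Script -> fake login -> real Microsoft login
chain in proxy logs. Log format (timestamp user method url) is assumed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Hosts Microsoft actually uses for sign-in. A password POST that goes anywhere
# else, followed by a visit to one of these, is the tell-tale "cover-up" step.
MICROSOFT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}
# Google Apps Script web apps are served from these hosts.
APPS_SCRIPT_HOSTS = {"script.google.com", "script.googleusercontent.com"}
WINDOW = timedelta(minutes=10)  # assumed: how long the whole chain may take

# Constructed sample log, not real traffic. alice follows the phishing chain,
# bob opens a legitimate script and a spreadsheet, carol signs in normally.
SAMPLE_LOG = """\
2024-05-01T09:01:02 alice GET https://script.google.com/macros/s/AKfyc_example/exec
2024-05-01T09:01:40 alice GET https://invoice-preview.example.net/view
2024-05-01T09:02:05 alice POST https://invoice-preview.example.net/login
2024-05-01T09:02:06 alice GET https://login.microsoftonline.com/common/oauth2/authorize
2024-05-01T10:15:00 bob GET https://script.google.com/macros/s/AKfyc_other/exec
2024-05-01T10:15:30 bob GET https://docs.google.com/spreadsheets/d/1
2024-05-01T11:00:00 carol POST https://login.microsoftonline.com/common/login
"""


@dataclass
class Hit:
    ts: datetime
    user: str
    method: str
    host: str


def parse_log(text: str) -> list[Hit]:
    """Parse 'timestamp user method url' lines into Hit records."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, method, url = line.split()
        host = (urlparse(url).hostname or "").lower()
        hits.append(Hit(datetime.fromisoformat(ts), user, method.upper(), host))
    return hits


def detect_chain(text: str) -> list[tuple[str, str, str]]:
    """Return (user, chain start time, real login host) for every user whose
    traffic shows: Apps Script page -> POST to a non-Microsoft host ->
    GET to a real Microsoft login host, all inside WINDOW."""
    alerts = []
    by_user: dict[str, list[Hit]] = {}
    for hit in parse_log(text):
        by_user.setdefault(hit.user, []).append(hit)

    for user, hits in by_user.items():
        hits.sort(key=lambda h: h.ts)
        for i, start in enumerate(hits):
            if start.host not in APPS_SCRIPT_HOSTS:
                continue
            credentials_posted = False
            for later in hits[i + 1:]:
                if later.ts - start.ts > WINDOW:
                    break
                # Step 3: the fake login page submits the password somewhere
                # that is not Microsoft (the Apps Script app itself counts).
                if later.method == "POST" and later.host not in MICROSOFT_LOGIN_HOSTS:
                    credentials_posted = True
                # Step 4: the victim is bounced to the genuine sign-in page.
                elif credentials_posted and later.method == "GET" and later.host in MICROSOFT_LOGIN_HOSTS:
                    alerts.append((user, start.ts.isoformat(), later.host))
                    break
    return alerts


if __name__ == "__main__":
    for user, when, host in detect_chain(SAMPLE_LOG):
        print(f"ALERT {user}: Apps Script page at {when}, then credentials posted, then {host}")
```

Only alice trips the rule: bob visits a script but never submits a form, and carol posts her password directly to Microsoft. In production you would feed this the gateway’s real export and treat an alert as a reason to reset the password and review sign-in logs for that user.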
Why This Phishing Trick Works So Well
- Google’s Trust Factor: Most people (and many URL-reputation filters) treat anything on a Google domain as safe. Apps Script pages inherit that trust even though the code behind them is written by whoever deployed the script.
- No Obvious Red Flags: The emails and pages look professional, with no typos or weird formatting.
- Psychological Pressure: The fake invoice creates urgency, making people act without thinking.
How to Protect Yourself
- Double-Check URLs: A link to script.google.com is a Google-hosted script, not a Google document, and there is no reason an invoice should live there. A real Microsoft sign-in page lives on login.microsoftonline.com (or login.live.com for personal accounts); anything else asking for your Microsoft password is a red flag.
- Never Enter Credentials from an Email Link: Always go directly to the official website (like office.com) to log in.
- Use Multi-Factor Authentication (MFA): Even if hackers get your password, MFA can stop them. Prefer phishing-resistant MFA such as FIDO2 security keys or passkeys, since one-time codes and push prompts can still be captured by a phishing page that relays them to the real login.
- Report Suspicious Emails: If something feels off, forward it to your IT team or mark it as phishing.
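The URL advice above can be turned into a simple triage check for links pulled out of an email. The following Python script is an added example written for this article, not code from Cofense or CyberAwareHub: it extracts the links from a constructed HTML email and labels each one as an Apps Script web app, a genuine Microsoft-owned host, a lookalike that merely contains Microsoft-style words, or something else. The sample email and the example.net domain are made up; the Apps Script URL shape (`/macros/s/<id>/exec`, or `/a/macros/<domain>/s/<id>/exec` for Workspace deployments) and the Microsoft domains are real.

```python
"""Added example: triage links from a suspicious email. Sample email is
constructed; host lists reflect real Microsoft and Google Apps Script domains."""
import re
from urllib.parse import urlparse

# Domains Microsoft actually owns and uses for sign-in and Office.
MICROSOFT_SUFFIXES = ("microsoftonline.com", "microsoft.com", "live.com", "office.com", "outlook.com")
# Brand words that a lookalike domain typically contains.
BRAND_WORDS = ("microsoft", "office", "login", "outlook", "365")
# Deployed Apps Script web apps end in /exec (or /dev for the test deployment).
APPS_SCRIPT_WEBAPP = re.compile(r"^(/macros|/a/macros/[^/]+)/s/[^/]+/(exec|dev)$")
HREF = re.compile(r'href=["\']([^"\']+)["\']', re.IGNORECASE)

# Constructed sample: the phishing link, a real sign-in link, a lookalike, and office.com.
SAMPLE_EMAIL = """
<p>Your invoice is attached.
<a href="https://script.google.com/macros/s/AKfycbx_example/exec">Click here to view.</a></p>
<a href="https://login.microsoftonline.com/">Sign in</a>
<a href="https://login-microsoft0nline.example.net/">Sign in</a>
<a href="https://www.office.com/">Office</a>
"""


def is_microsoft_host(host: str) -> bool:
    """True only for hosts under a Microsoft-owned domain (exact or subdomain)."""
    return any(host == s or host.endswith("." + s) for s in MICROSOFT_SUFFIXES)


def classify_link(url: str) -> str:
    """Label a link: apps-script-webapp, microsoft, lookalike, or other."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    # A Google domain, but the page is user-published code, not a Google document.
    if host == "script.google.com" and APPS_SCRIPT_WEBAPP.match(parsed.path):
        return "apps-script-webapp"
    if is_microsoft_host(host):
        return "microsoft"
    # Brand words outside Microsoft-owned domains are the classic lookalike sign.
    if any(word in host for word in BRAND_WORDS):
        return "lookalike"
    return "other"


def triage_email(html: str) -> list[tuple[str, str]]:
    """Extract every href from the email and classify it, in document order."""
    return [(url, classify_link(url)) for url in HREF.findall(html)]


if __name__ == "__main__":
    for url, verdict in triage_email(SAMPLE_EMAIL):
        print(f"{verdict:20} {url}")
```

An invoice email whose only link is an Apps Script web app, or whose sign-in link is a lookalike, is worth forwarding to the security team rather than clicking; the check is deliberately conservative and does not replace a proper URL-reputation service, which should in turn not allowlist script.google.com wholesale.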
Final Thought: Stay Alert
Hackers are always finding new ways to trick people, and this Google Apps Script scam is one of the most convincing yet. The best defense? Slow down, check links, and never rush into entering passwords.