
Threat Actors Using Google AMP To Evade Phishing Attacks

A new technique for phishing has emerged in the domain of cyber risks, employing Google’s Accelerated Mobile Pages (AMP) technology. This method has proven to be quite efficient in targeting its desired recipients.

A free HTML framework called Google AMP is used to build webpages that are effectively optimised for viewing on both desktop and mobile devices. It is a collaboration by Google and 30 partners to increase the online content’s loading speed on mobile devices.

The attackers in this most recent phishing campaign gained credibility and evaded security measures by using the Google.com and Google.co.uk websites. They also employed a variety of other strategies to get past email security measures.

The purpose of including Google AMP URLs in phishing emails was to evade detection by trading on Google's reputable image. These URLs are hosted on actual Google domains, making it challenging for email security systems to detect the malicious intent of the emails.

Furthermore, the addition of Google Analytics gives threat actors a way to track user activity on their phishing pages. The Google AMP URL functions as a redirect, leading users from the original Google URL to the destination URL embedded in its path.

Using a Google AMP Redirection to Lead Users to a Phishing Website (Cofense)

Cofense has been carefully monitoring the weekly flow of phishing emails containing Google AMP URLs that reach recipients' inboxes. Because the attackers host the URLs on allowed Google domains, these emails have been extremely successful in reaching their targets. The emails now aim to steal employee email login information.

Weekly Volume of Phishing Emails Using Google AMP for Hiding (Cofense)

Threat actors use the most recent techniques while integrating Google AMP

The Google AMP phishing attempts have proven to be incredibly effective at reaching their targets. This is probably because the URLs are hosted on reputable and reliable Google domains. Furthermore, threat actors using this new strategy have combined it with tried-and-true techniques to make their phishing emails even more misleading.

Some emails lack a standard email body and instead consist of an HTML image, a form of image-based phishing. These emails are harder to detect than text-based ones because of the complexity of their email headers and because they evade security measures that scan text.

The entire image acts as a clickable link that takes the viewer to the next phase of the phishing attack. The lures take many forms, such as email notifications, requests, reminders, shared files, and money-related issues.

Clickable HTML Image Email Uses Google AMP (Cofense)
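
An added example (not from Cofense or the original article) of how a mail filter could handle the two behaviours described above: it unwraps the destination embedded in a Google AMP link so that reputation checks run against the real target rather than the Google host, and it flags links whose only content is an image. The function names and sample HTML are constructed for illustration, and the `/amp/s/<destination>` path layout (with `s/` meaning HTTPS) is an assumption about the AMP URL form.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# Google hosts named in the article; extend the set for other Google domains.
GOOGLE_HOSTS = {"google.com", "www.google.com", "google.co.uk", "www.google.co.uk"}
# Constructed sample email body (example.net is a reserved documentation domain).
SAMPLE_HTML = ('<a href="https://www.google.co.uk/amp/s/files.example.net/shared/doc">'
               '<img src="cid:notice.png"></a> <a href="https://www.google.com/search?q=amp">Search</a>')

def amp_destination(url):
    """Return the URL embedded in a Google AMP link, or None if it is not one."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or (parts.hostname or "") not in GOOGLE_HOSTS:
        return None
    # Decode percent-encoding first so an encoded "/amp/" prefix is still recognised.
    m = re.match(r"/amp/(s/)?(.+)", unquote(parts.path), re.IGNORECASE)
    if not m:
        return None
    dest = ("https://" if m.group(1) else "http://") + m.group(2)
    host = urlsplit(dest).hostname or ""
    return dest if "." in host else None  # require something that looks like a domain

class LinkScanner(HTMLParser):
    """Collect <a href> links, recording whether each wraps an <img> and any visible text."""
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._cur = {"href": a["href"], "has_img": False, "text": ""}
        elif tag == "img" and self._cur is not None:
            self._cur["has_img"] = True

    def handle_data(self, data):
        if self._cur is not None:
            self._cur["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(self._cur)
            self._cur = None

def scan_email_html(html):
    """Return one finding per AMP link: the real destination and whether it is image-only."""
    scanner = LinkScanner()
    scanner.feed(html)
    return [{"amp_url": l["href"], "destination": amp_destination(l["href"]),
             "image_only": l["has_img"] and not l["text"].strip()}
            for l in scanner.links if amp_destination(l["href"])]
```

The `destination` value is what should be passed to URL reputation and sandboxing checks; `image_only` marks the clickable-image pattern for extra scrutiny.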

Attackers nowadays often employ a variety of techniques to avoid detection, making it harder for targets and security systems to detect and successfully counter these attacks.

Employees should undergo regular cybersecurity awareness training to help them comprehend phishing techniques, how to identify fraudulent emails and texts, and how to respond when encountering them. Encouraging a culture in which employees feel comfortable reporting potential security issues and fostering open dialogue between the IT department and other staff members is crucial.

Phishing attacks are on the rise, and it is important to protect your organisation. One effective way to do this is by increasing user awareness about these types of attacks. Phishing Tackle is a great resource that can help you in this regard. They offer a free 14-day trial to help train your users to recognise and avoid phishing attacks. 

Although technology can be helpful, it cannot spot 100% of phishing emails. Therefore, user education is important to minimising the impact of any successful attacks. Consulting with Phishing Tackle can provide valuable insights and tools to help you strengthen your defences against phishing attacks.
