© 2022 CyberNews - Latest tech news,
product reviews, and analyses.


Threat actors use Google Cloud to spoof Best Buy


A phishing scam appears to be spoofing the multinational retailer – and though fairly easy to spot, it may be working because it uses Google’s trusted reputation to bypass email security, says analyst Avanan.

“In this attack, hackers are spoofing Best Buy, another popular spoofed brand,” said Avanan. “This is not the most convincing one we’ve seen, as the logos are lacking, and the email isn’t especially convincing. What is interesting, however, is the way in which hackers get this spoof into the user’s inbox.”

The impersonated brand's name is misspelled “Bestbuy” and a postal storage unit is listed at the bottom of the phishing page as the huge corporation’s ‘address.’ But because the attack uses the Google Cloud Storage facility to bypass email security systems, it is particularly effective at landing in users’ inboxes, according to Avanan.

Screenshot: the spoof page is poorly constructed, with Best Buy written "Bestbuy" (top left corner) and company headquarters listed at the bottom as a postal storage unit.

“Hackers continually leverage legitimate sites to get into the inbox,” it said. “When hackers can piggyback off established, trusted sites, their attacks are more likely to be seen as legitimate.”

By embedding phishing links on a trusted page, malicious hackers can effectively fool automated email filters and get their dodgy messages through to an unsuspecting victim’s inbox.

“It will have the URL of the legitimate site, so security services will see a known URL and send it to the inbox,” said Avanan. “This attack, while not novel, leverages Google Cloud as a hosting site. Most cloud services are legitimate, thus they will be allowed by security services.”

Avanan believes this growing trend means email security services must be upgraded to cover more than just static “allow” or “block” lists for messages, and that artificial intelligence (AI) and machine learning (ML) are more effective tools to defend against this type of social engineering attack.

“This is where AI and ML come into play,” it said. “By looking at other factors – sender address, URL, grammar, and more – it can be easily deduced that this attack is, in fact, an attack.”

It added: “End users also play a part. By looking at those telltale signs – like seeing that the reply-to address has ‘mouse in the house’ [written] in the URL – they can make educated decisions.”
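The gap between a static allow list and the multi-factor check described above can be shown on a single message. This is an added example, not Avanan's detection logic: the sample email, the `sender.example` and `other.example` addresses, the bucket name, the brand table and the threshold of two signals are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions for this example, not values from the article:
ALLOW_LIST = {"googleapis.com", "bestbuy.com"}   # static "known good" list
SHARED_HOSTING = {"storage.googleapis.com"}      # serves any tenant's content
BRANDS = {"bestbuy": {"bestbuy.com"}, "best buy": {"bestbuy.com"}}

SAMPLE = """\
From: "Bestbuy Rewards" <promo@sender.example>
Reply-To: claims@other.example
Subject: Your Bestbuy reward is waiting

Claim it here: https://storage.googleapis.com/constructed-bucket/index.html
"""  # constructed message, not the real lure

def in_set(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def addr_domain(header):
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def link_hosts(msg):
    urls = re.findall(r"https?://[^\s\"'<>]+", msg.get_payload())
    return [(urlparse(u).hostname or "") for u in urls]

def static_verdict(msg):
    # Allow/block list only: every linked host has a good reputation -> deliver.
    return "deliver" if all(in_set(h, ALLOW_LIST) for h in link_hosts(msg)) else "block"

def signals(msg):
    found = []
    from_dom = addr_domain(msg["From"])
    text = (parseaddr(msg["From"] or "")[0] + " " + (msg["Subject"] or "")).lower()
    claimed = [b for b in BRANDS if b in text]
    if claimed and not any(in_set(from_dom, BRANDS[b]) for b in claimed):
        found.append("brand-sender-mismatch")       # claims a brand, sent from elsewhere
    if msg["Reply-To"] and addr_domain(msg["Reply-To"]) != from_dom:
        found.append("reply-to-mismatch")           # replies go to a different domain
    if claimed and any(in_set(h, SHARED_HOSTING) for h in link_hosts(msg)):
        found.append("brand-link-on-shared-hosting")  # brand page on tenant storage
    return found

def evaluate(raw, threshold=2):
    msg = message_from_string(raw)
    hits = signals(msg)
    return static_verdict(msg), ("quarantine" if len(hits) >= threshold else "deliver"), hits

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```

The list-only check delivers the message because the only link resolves to a trusted cloud host, while the combined sender, reply-to and hosting signals quarantine it.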

