A series of phishing campaigns using Google Firebase storage URLs have surfaced, showing that cybercriminals continue to leverage the reputation of Google’s cloud infrastructure to dupe victims and skate by secure email gateways.

Google Firebase is a mobile and web application development platform. Firebase Storage, meanwhile, provides secure file uploads and downloads for Firebase apps. Using the Firebase storage API, companies can store data in a Google cloud storage bucket.

The phishing effort starts with spam emails that encourage recipients to click on a Firebase link inside the email in order to visit promised content, according to Trustwave researcher Fahim Abbasi, writing in an analysis released Thursday. If the targets click on the link, they’re taken to a supposed login page (mainly for Office 365, Outlook or banking apps) and prompted to enter their credentials – which of course are sent directly to the cybercriminals.

“Credential phishing is a real threat targeting corporates globally,” noted Abbasi. “Threat actors are finding smart and innovative ways to lure victims to covertly harvest their corporate credentials. Threat actors then use these credentials to get a foothold into an organization to further their malicious agendas.”

In this case, that “innovative way” is using the Firebase link.

“Since it’s using Google Cloud Storage, credential-capturing webpages hosted on the service are more likely to make it through security protections like Secure Email…
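For mail filtering or triage, the delivery step described above can be checked with the following added example (not code from the article or the Trustwave analysis), which scans a message body for Firebase Storage download URLs and marks those whose stored object is an HTML page. The host `firebasestorage.googleapis.com`, the `/v0/b/<bucket>/o/<object>` path form, the function name and the sample message are assumptions that do not appear in the article.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: host that serves Firebase Storage download URLs.
FIREBASE_STORAGE_HOST = "firebasestorage.googleapis.com"
# Object extensions that a browser renders as a web page.
PAGE_EXTENSIONS = (".html", ".htm")

URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)
# Assumption: download URLs use /v0/b/<bucket>/o/<url-encoded object name>.
PATH_RE = re.compile(r"^/v0/b/([^/]+)/o/(.+)$")

# Constructed sample message; bucket name and token are placeholders.
SAMPLE_EMAIL = """\
Subject: Payment advice attached
Please review the remittance here:
https://firebasestorage.googleapis.com/v0/b/example-bucket.appspot.com/o/docs%2Flogin.html?alt=media&token=00000000-0000-0000-0000-000000000000
Logo: https://firebasestorage.googleapis.com/v0/b/example-bucket.appspot.com/o/logo.png?alt=media
Unsubscribe: https://www.example.com/unsubscribe.
"""


def find_firebase_storage_links(message_text):
    """Return one finding per Firebase Storage URL found in message_text."""
    findings = []
    for raw in URL_RE.findall(message_text):
        url = raw.rstrip(".,;")  # drop trailing sentence punctuation
        parts = urlsplit(url)
        if (parts.hostname or "").lower() != FIREBASE_STORAGE_HOST:
            continue
        match = PATH_RE.match(parts.path)
        if not match:
            continue
        # The object name is percent-encoded in the path (e.g. %2F for "/").
        obj = unquote(match.group(2))
        findings.append({
            "url": url,
            "bucket": match.group(1),
            "object": obj,
            # A stored HTML page is what a hosted login form would be.
            "serves_web_page": obj.lower().endswith(PAGE_EXTENSIONS),
        })
    return findings


if __name__ == "__main__":
    for finding in find_firebase_storage_links(SAMPLE_EMAIL):
        print(finding["serves_web_page"], finding["bucket"], finding["object"])
```

A hit with `serves_web_page` set is a reason to route the message for review, not a verdict by itself, since legitimate apps also share Firebase Storage links.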
