Google’s notification service was the victim of malicious people who managed to trick it. Cybercriminals have successfully tricked Google into spreading false security alerts and pushing Google Alerts subscribers to click on fraudulent links, thereby installing malicious security extensions and software, Bleeding Computer reported.
To trick Google and its service, cybercriminals have implemented a very well-honed strategy. They pretended to be reliable and well referenced sites in order to be able to use the alert function of Google. They even went so far as to write real-fake articles on fake security breaches, as well as on news in general, in order to appear as reliable as possible. Depending on the location of the users, they even adapted what was displayed on the sites.
Thus, they could take advantage of the Google Alerts service to disseminate false information concerning security breaches, data theft and others. Cybercriminals primarily targeted users of popular services, including EA, Dropbox, PayPal, Hulu, Canva, etc. Internet users who had previously subscribed to Google Alerts to receive information emails on this subject were then alerted.
A classic hit
The false emails then invited Internet users to click on a link to obtain more information, to win gifts, but also to download antivirus software. However, the links actually referred to malicious sites on which victims were asked to enter their personal data to receive gifts. A well known phishing scheme. By clicking on the link, a pop-up window could appear asking Internet users to update this or that software or extension. In reality, these were actually malicious plug-ins that could recover personal data.
According to Bleeding Computer, the false alarm campaign via Google Alerts is still current. It is therefore better to pay attention to the emails you receive from the Google service. Do not click on the links in the emails and do your own research on the alerts received.
High-Tech
New type of ransomware targets Windows and Linux users
High-Tech
PayPal: Fraudulent payments made thanks to a flaw in Google Pay accounts
- High-Tech
- Paypal
- Phishing
- Personal data
- Cybercriminality
- Cyber attack
- Cybersecurity