top of page
  • Admin

Google Services Hijacked, Used For Phishing And BEC Scams

Published: October 27, 2021 on our newsletter Security Fraud News & Alerts Newsletter.

With the number of remote workers exploding during coronavirus, hackers are hot on the trail of abusing this scenario any way that they can. Researchers from Armorblox recently discovered that bad actors are exploiting Google Services like their Docs, Forms, Mail, and even Google Calendars. With over one billion users worldwide, Google products and services provide fertile hunting grounds for those with bad intent. Helping defraud businesses everywhere, Armorblox finds phishing and business email compromise (BEC) are among the favored tool’s hackers are weaponizing to abuse Google Services and its users.

According to a Stanford researcher, 42% of the U.S. labor force is now working full-time from home. That gives email phishing scammers in particular, plenty of targets to choose from using Google Mail Services. Hiding behind Google and its platforms gives bad actors the appearance of legitimacy that works so well for them. Phishing emails can get through compromised filters and go directly into an employee’s Google inbox.

Once done, business email phishing can lead to business email compromise (BEC), and BEC can lead to the loss of significant company funds and worse. BEC emails often request a wire transfer, and a dutiful employee will be duped into making the funds transfer without asking questions. They don’t realize they’re actually depositing company funds it into a hacker’s account. By the time it’s figured out, the money and the hacker are long gone.

With Google Services now in the crosshairs, experts see it emerging as a serious trend for attackers. Just last month, researchers found 265 Google Forms impersonating major businesses like Amex, Capital One, and even the IRS. Scammers were also discovered sending malicious links to countless users via Google Drive notifications. Even Google’s Gmail was used for an attack on mobile devices targeting Google Calendar events. It appears that every component of Google Services is twisted into a ripe target for abuse.

Google wants its users to know they are taking every security measure possible to keep bad actors from abusing their platforms. They maintain “We are deeply committed to protecting our users from phishing abuse across our services, and are continuously working on additional measures to block these types of attacks as methods evolve…We use proactive measures to prevent this abuse and users can report abuse on our platforms…”

Words of advice to avoid getting caught in this scam:

  • Verify wire transfer requests, preferably verbally, before completing them.

  • Ask a colleague to verify the transfer request. If they think it’s phishy too, it probably is and should be looked into further.

  • Don’t click links or attachments in messages if you are not expecting them and aren’t sure of their legitimacy. Always verify first using the phone, a text message, or a newly crafted email message. Don’t reply.

At this historic time when remote workers and their employers are struggling to keep secure, businesses and their staff need to bolster their own security measures. The platforms they use to run their business, like Google Services and others, need to tighten their own security. In a world where historic levels of hacking are taking place, being a step ahead of cybercriminals may be necessary to survive.

Want to schedule a conversation? Please email us at

3 views0 comments


bottom of page