Artwork

Content provided by Daily Security Review. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Daily Security Review or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Player FM - Podcast App
Go offline with the Player FM app!

Multi-Stage Phishing Attacks Now Use Google Infrastructure—Here’s How

13:51
 
Share
 

Manage episode 486444788 series 3645080
Content provided by Daily Security Review. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Daily Security Review or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.

Recent phishing campaigns have entered a new phase—one where trust is weaponized. In this episode, we break down how cybercriminals are exploiting legitimate services like Google Apps Script and Google Firebase Storage to host phishing pages, evade detection, and steal credentials. Using cleverly crafted lures such as fake DocuSign notifications, invoice alerts, and even deceptive CAPTCHA prompts, these attackers are bypassing traditional email and web filters by operating under the guise of reputable platforms.

We’ll dive into specific attack techniques, including multi-stage payload delivery using VBScript, clipboard hijacking with fake MP3 files, and the deployment of tools like NetBird and OpenSSH for persistent access. We’ll also explore the rise of Phishing-as-a-Service kits like Haozi that lower the barrier for launching these sophisticated campaigns. Finally, we cover key mitigation strategies—from detection platforms to user education—that organizations can adopt to stay ahead of these evolving threats.

This episode is a must-listen for IT professionals, CISOs, and anyone tasked with defending against phishing and social engineering attacks in today’s high-trust, high-risk digital landscape.

  continue reading

125 episodes

Artwork
iconShare
 
Manage episode 486444788 series 3645080
Content provided by Daily Security Review. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Daily Security Review or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.

Recent phishing campaigns have entered a new phase—one where trust is weaponized. In this episode, we break down how cybercriminals are exploiting legitimate services like Google Apps Script and Google Firebase Storage to host phishing pages, evade detection, and steal credentials. Using cleverly crafted lures such as fake DocuSign notifications, invoice alerts, and even deceptive CAPTCHA prompts, these attackers are bypassing traditional email and web filters by operating under the guise of reputable platforms.

We’ll dive into specific attack techniques, including multi-stage payload delivery using VBScript, clipboard hijacking with fake MP3 files, and the deployment of tools like NetBird and OpenSSH for persistent access. We’ll also explore the rise of Phishing-as-a-Service kits like Haozi that lower the barrier for launching these sophisticated campaigns. Finally, we cover key mitigation strategies—from detection platforms to user education—that organizations can adopt to stay ahead of these evolving threats.

This episode is a must-listen for IT professionals, CISOs, and anyone tasked with defending against phishing and social engineering attacks in today’s high-trust, high-risk digital landscape.

  continue reading

125 episodes

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Quick Reference Guide

Copyright 2025 | Privacy Policy | Terms of Service | | Copyright
Listen to this show while you explore
Play