Check Point Harmony Email Researchers have recently identified a concerning phishing campaign that spoofs Google Apps Script macros – a tool used to automate tasks in Google applications.

Google Apps Script macros are popular due to their ability to automate workflows and integrate with assorted Google services, making them prime targets for cyber criminals.

Campaign overview:

The campaign involves approximately 360 emails written in multiple languages, including English, Russian, Chinese, Arabic, Italian, German, and French. The emails falsely claim to provide “account details” for a user registration that the recipient never initiated.

The campaign remains ongoing.

Should employees fall victim to this email-based scam, risks to organizations include the exposure of sensitive data, the fraudulent transfer of funds, and operational disruption, among other things.

How it works:

The phishing emails feature a link, in the subject line, which leads to a Google Apps Script page. On the page, users will find a deceptive URL that includes script.google.com.

The URL claims to be a “secure and trusted” payment service. Because the URL overtly appears legitimate, it may deceive users into disclosing sensitive information.

Email examples:

Initial phishing email. Image courtesy of Harmony Email researchers

Example of link to ‘activate account’. Image courtesy of Harmony Email researchers

Detection indicators:

To spot these types of threats, look for emails with subject lines that claim to provide “account details” for an unrecognized registration. URLs that include “script.google.com” but direct users to pages requesting the input of sensitive data are also red flags.
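The two indicators above can be checked mechanically during mail triage. The following is an added example, not code from Check Point or Harmony Email: the function names, the verdict labels and the sample message are constructed for illustration, and the Apps Script host is taken to be script.google.com.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from urllib.parse import urlsplit

APPS_SCRIPT_HOST = "script.google.com"  # assumed Apps Script host
SUBJECT_LURES = ("account details",)    # English lure from the write-up; add other languages as observed
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def classify_links(text):
    """Return (url, kind) for every URL that mentions the Apps Script host."""
    found = []
    for url in URL_RE.findall(text):
        try:
            host = (urlsplit(url).hostname or "").lower().rstrip(".")
        except ValueError:                      # malformed URL, e.g. broken IPv6 literal
            host = ""
        if host == APPS_SCRIPT_HOST:
            found.append((url, "apps-script-host"))  # page really served from Google
        elif APPS_SCRIPT_HOST in url.lower():
            found.append((url, "name-embedded"))     # name only appears inside another URL
    return found

def triage(raw_email):
    """Score one RFC 5322 message against the two indicators (labels are hypothetical)."""
    msg = message_from_string(raw_email)
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    body = "\n".join(
        part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        for part in msg.walk() if part.get_content_maintype() == "text")
    lure = any(phrase in subject.lower() for phrase in SUBJECT_LURES)
    links = classify_links(subject) + classify_links(body)  # campaign link sits in the subject
    verdict = "quarantine" if lure and links else "review" if lure or links else "pass"
    return {"lure": lure, "links": links, "verdict": verdict}

# Constructed sample message (not taken from the campaign); EXAMPLE_ID is a placeholder.
SAMPLE = (
    "From: noreply@sender.example\n"
    "Subject: Your account details https://script.google.com/macros/s/EXAMPLE_ID/exec\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Thank you for registering. Activate your account using the link above.\n")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Because legitimate automation also lives on this host, a link alone only yields "review"; the subject lure and the link together drive the stronger verdict.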

Mitigation strategies:

  • Apply advanced email filtering. This is sophisticated cyber security tooling that employs algorithms and machine learning to identify and filter out phishing emails.
  • Leverage real-time URL scanning tools, which can identify and block links that direct users to malicious pages.
  • Utilize tools that employ AI-powered Natural Language Processing (NLP) to analyze the context and intent of email content.
  • Obtain tooling with built-in AI-powered threat intelligence. This enables organizations to apply the most powerful mitigation measures available at any given time.
  • Implement phishing awareness training to increase employees’ knowledge concerning the identification of suspicious emails and to elucidate internal reporting best practices.

Further information:

Upon observing this attack, our cyber security researchers responded quickly, rendering Check Point customers protected from this attack.

Check Point customers remain protected from such attacks.

For more information about preventing advanced, evasive, and sophisticated cyber threats, click here or talk to a team of experts.
