Google Meet is being nefariously used to trick people into falling for phishing scams, a group of cybersecurity experts warn consumers…
Google Meet, a video-communication service, and replacement for Google Hangouts, is being exploited by scammers, making it yet another Google product (like Drive and Docs) to be used to fool people into falling for phishing scams. And, similar to other malicious campaigns, the schemes involve dangerous links, disguised as legitimate and trustworthy ones. Plus, the scams use open redirects to subvert a majority of email security solutions.
Cybersecurity Researchers Report Steep Rise in Google Meet Phishing Attacks
GreatHorn, a cloud-native email security company, states that between Q1 2021 and Q2 2021, there has been an 84% increase in phishing attacks that leverage Google’s open redirects using Google Meet and Google DoubleClick. Most attacks are primarily focused on credential harvesting, payment fraud, as well as malware downloads. (Google DoubleClick abuse registered a 141% increase, while Google Meet experienced an increase of 57% compared to the previous quarter.) Security researchers from GreatHorn explain:
“Most email security solutions are not able to identify the misuse of open redirects when analyzing the URL in real-time….Threat actors use authentic and trustworthy domains that allow open redirects, such as Google, to more effectively trick users into clicking a link and falling victim to the attack.”