Fraudsters have started using Google's popular service to steal users' money

April 9, 2024  22:19

Scammers have started using a new scheme to lure money from Russians, within which they utilize the popular service Google Looker Studio. This was reported by the publication Izvestia, citing a report from the company F.A.C.C.T.

Google Looker Studio is an online tool for transforming data into customizable informative reports and dashboards. Looker Studio can be described as a free and simplified analog of services like Power BI, Tableau, DataLens, and more.

Within the mentioned Google service, there is a flaw in the interface that allows a user to invite any other person to their project. All that's needed for the user is the email of the other person. After inviting, the user can send a test email to another person from the official address [email protected], which by default is considered safe.

Scammers exploit this procedure to attach links to various phishing sites to the test emails. In the case of the scheme detected by F.A.C.C.T., scammers send emails to Russians with the subject "Receive Your Compensation Payment Online". The body of the email contains a link leading to a fake website that mimics the official resource of a popular bank.

There, the victim enters their online account details in hopes of claiming the promised social payment, but instead provides the scammers access to their bank profile. Cybercriminals exploit this opportunity to withdraw money from the victim's accounts.

"The danger of this tactic lies in the fact that security vendors often trust applications and services from Google and other major reputable companies. And thanks to these tricks, scammers can use perfectly legitimate services to distribute phishing and scams," said the head of the network traffic analysis and machine learning department at the company, Anton Afonin.

  • Archive