Phishing with Google Forms, Firebase and Docs: Detection and prevention

The COVID-19 pandemic spurred a massive shift toward telework as companies tried to both stay operational and safe. One of the biggest impacts of this shift was an increased reliance on cloud-based services for business, such as Google’s GSuite.

While Google-based phishing attacks have been around for years, the pandemic provided a perfect opportunity for cybercriminals to double down on these attacks. As a result, a number of phishing attacks have been detected in recent months that leverage trusted Google services, including Google Sites, Firebase, Docs and Forms.

Google Sites and Google Firebase host “trusted” phishing pages

Many organizations’ anti-phishing solutions and employee cybersecurity awareness training focus on URL recognition. The basis of this strategy is that, if the URL originates from a trusted domain (like Google), then the site is probably legitimate.

This approach to phishing detection falls apart with services like Google Sites and Google Firebase. On these platforms, organizations are able to host their own webpages or develop mobile and web applications.

Content developed using Sites and Firebase are hosted by Google, meaning that they have a Google URL. This means that users looking to verify if a page is legitimate see the Google domain and

Read More: