firebasestorage.googleapis.com Email Password Phishing - Warning!!
This is becoming an increasing problem. Somehow Google are not responding to phishing attacks using their own app platforms, firebase. The platform allows for people to create free apps within certain parameters and this is being used as an untraceable, unstoppable source for phishing attacks on Microsoft Office 365 users around the world. Microsoft Edge, the browser, seems to respond to these attacks pretty quickly and block their users from being hoodwinked, but Google Chrome, by far the most popular browser, does not.
It does not take much to get scammed on Office 365, they just need to send out some emails to clients with fake invoices and payment instructions for different accounts. The hackers then add rules to your accounts so that nay reply goes to them and they can then use your compromised account to respond once more, affirming the unusual request.
Suddenly your client has paid a bill for $20k and it is money that you have lost forever, just from a crappy phishing attack.
Be careful and make sure that your clients and suppliers know that you will not change your bank details without confirming by phone, always!
Watch out for this email phishing scam circulating this week:
From: Domain Security Team <[email protected]>
Sent: Tuesday, October 13, 2020 2:07 PM
Subject: Your mailbox quota update
Hello recipient,
|
Here's your email review for the past week. Some incoming messages with attachments are currently hanging on your server due to low storage capacity.
Kindy review these messages and increase your storage capacity. click below to review these messages.
|
|
|
|
Review generated for [email protected] domain.suffix Security Team. Why did I receive this email? Your email filtering service is provided by Webmail Networking, Inc. USA . These message review allows you to view and read your filtered emails. Copyright© 2020 cPanel, L.L.C. Privacy Policy
|
|
The link, as is so often the case now, points to: https://firebasestorage.googleapis.com/v0/b/grft-f1bab.appspot.com/o/gen%2Findex2gre.html?alt=media&token=8fade650-029d-4535-99d4-989d2306fe92#[email protected]
More appspot firebase scammers sending out spam.
Then it just attempts to send you to your own website:
As usual, Google have failed to mark the appspot firebase website app as deceptive, but Microsoft Edge are already blocking it.