Cybersecurity experts have uncovered a phishing campaign exploiting Google Cloud’s Application Integration service to send convincing fake emails that bypass traditional security filters. The attack uses trusted Google domains and structures to deceive recipients across multiple industries globally. #GoogleCloud #PhishingCampaign
Keypoints
- The phishing campaign impersonates legitimate Google notifications by abusing Google Cloud’s email automation features.
- The attackers send thousands of targeted emails to over 3,000 users worldwide within a two-week period.
- The campaign leverages Google Cloud’s “Send Email” task to send emails from genuine-looking Google domains.
- Recipients are redirected through trusted Google services before encountering fake verification pages and credential theft sites.
- The attack primarily targets industries dependent on automated notifications, such as manufacturing, finance, and technology sectors.
Read More: https://thehackernews.com/2026/01/cybercriminals-abuse-google-cloud-email.html