Hackers use Google software tool to steal Microsoft accounts
Cybercriminals have found a new way to steal Microsoft 365 accounts using Google Apps Script, TechRadar reports. This cloud-based platform, which is designed to automate tasks in Google services using JavaScript, has become a tool for phishing attacks.
Attackers send victims emails containing fake invoices from Google. The link in these emails leads to script[.]google[.]com, which creates the illusion of legitimacy. When the victim clicks on it, a message appears stating that a download is pending. Clicking the button redirects the user to a fake Microsoft 365 login page that almost completely copies the real one. The entered credentials go straight to the hackers.
To better cover their tracks, scammers customize the page to redirect the victim to the real Microsoft 365 site once login credentials are entered.
Cybersecurity experts at Cofense have identified this scheme and are warning about its dangers. They advise against opening suspicious emails, especially those containing unexpected Google invoices. It is also important to verify email addresses and websites to avoid scams.
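
A mail-triage check for the lure described above, as an added example that is not from TechRadar or Cofense: it flags messages that pair invoice wording with a link whose host is exactly script.google.com. The keyword list, function names and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

LURE_WORDS = ("invoice", "payment", "receipt", "billing")  # assumed keyword list
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)

def refang(text):
    """Undo common defanging (hxxp, [.]) so reported indicators parse as URLs."""
    return re.sub(r"hxxp", "http", text.replace("[.]", "."), flags=re.I)

def apps_script_links(text):
    """Return URLs whose host is exactly script.google.com (not a lookalike)."""
    links = []
    for url in URL_RE.findall(refang(text)):
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
        if host == "script.google.com":
            links.append(url)
    return links

def triage(raw_email):
    """Flag mail that combines invoice wording with an Apps Script link."""
    msg = message_from_string(raw_email, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    text = (str(msg["Subject"] or "") + " " + body).lower()
    links = apps_script_links(body)
    lure = any(word in text for word in LURE_WORDS)
    return {"links": links, "lure": lure, "flag": bool(links) and lure}

# Constructed sample messages (not real traffic).
PHISH = ("From: Billing <billing@sender.example>\nSubject: Invoice 10442 pending\n\n"
         "View your invoice: https://script.google.com/macros/s/EXAMPLE/exec\n")
LOOKALIKE = ("From: a@sender.example\nSubject: Invoice overdue\n\n"
             "Open: https://script.google.com.login.example/doc\n")
NO_LURE = ("From: b@sender.example\nSubject: Team macro\n\n"
           "Shared tool: https://script.google.com/macros/s/EXAMPLE/exec\n")

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("lookalike", LOOKALIKE), ("no_lure", NO_LURE)):
        print(name, triage(raw))
```

A hit is a triage signal rather than a verdict, since legitimate Apps Script links exist. The exact-host match matters because the lure relies on the link genuinely pointing at Google, so domain-reputation checks alone will pass it.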