Callback Phishing Attacks: Stealing Login Credentials Through Google Groups

In recent years, cyber attacks have become more sophisticated, and new tactics are being used to steal login credentials. Callback phishing attacks are one such modern tactic. These attacks differ from traditional forms of phishing because they use methods that are more deceptive and harder to detect. Recently, these attacks have been carried out through the Google Groups platform. Cybercriminals use this service to trick users and steal their login credentials.
Callback phishing is a special technique used by cybercriminals. The attackers send a phishing email to the user, posing as an employee or assistant of a service company. The email asks the recipient to call a number to resolve an issue. This way, the attacker gets in contact with the victim and tries to obtain login credentials during the conversation.
Recently, callback phishing attacks have also used the Google Groups platform. This service is designed for team communication and makes it easy to send email notifications and group messages. Attackers create fraudulent groups through Google Groups and send fraudulent messages to users. The messages often come from service organizations or IT support.
How does this attack work?

  1. Sending a phishing message. The attacker sends the user a phishing message through Google Groups. This message is often sent on behalf of a company employee and informs the user that there is a problem with their account.
  2. Request to call. The message asks the user to call a specified number. Attackers use this to scare the user, telling them that if they ignore it, they risk losing their account or being blocked.
  3. Communicating with the victim. Once the victim makes the call, the attacker pretends to be an employee of the technical support service or the company. They ask the user to provide credentials (login, password, two-factor authentication codes) to verify their account.
  4. Stealing login information. Once the victim provides their login details, the attacker uses this information to hack into the victim’s account and use it for their own purposes.

Why was Google Groups chosen?
Google Groups provides great opportunities for attackers because:
  • Appearance of trust. Using a service from a large company like Google creates trust in users. Users trust messages from Google Groups and open them without hesitation.
  • Email manipulation. Messages sent through Google Groups appear to be sent by real company employees, making it difficult to detect the scam.
  • Large number of users. Google Groups is a widespread service and is used by many companies, which allows attackers to target a large number of users at once.

Protection methods
To protect against callback phishing attacks, you should take the following steps:
  1. Verify the sender. Any message or call request should be carefully verified. Verify the sender of any message from Google Groups to ensure that they are a real company employee.
  2. Reject calls. Avoid scam calls. Companies generally do not ask you to provide login details over the phone.
  3. Do not disable two-factor authentication. Attackers may ask you to send authentication codes. Never share authentication codes with others.
  4. Increase security. Users are advised to use strong passwords and secure communication channels. It is also necessary to contact the company’s IT staff and check suspicious messages.

Callback phishing attacks, especially those carried out through the Google Groups platform, are a growing cyber threat today. Users and companies need to be aware of such attacks, recognize phishing messages, and take action against them. Protecting your login information and never sharing it over the phone protects against cybercrime.
Below are recommended measures for government organizations and individuals.

Recommendations for Government Organizations:
  • Educate employees about callback phishing attacks and train them to recognize such threats.
  • Explain how to review suspicious emails and how to identify fake or fraudulent messages.
  • Service and technical support units should not require customers or employees to call them. Instead, it is recommended to communicate through official platforms.
  • Use reliable spam filtering systems to reduce the risk of email phishing.
  • Apply the email authentication technologies SPF, DKIM, and DMARC to improve the security of email messages.
  • It is recommended to enable two-factor authentication for all systems and services in government organizations. This provides more reliable protection for user accounts.
  • Employees should be sent regular notifications, updates, and security alerts to reduce the risk of phishing.
  • Establish a procedure for reporting any phishing messages to cybersecurity authorities.
  • Regularly check your devices and networks, identify suspicious activity, and create a quick alert system for it.
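
The spam-filtering and sender-verification measures above can be partly automated at the mail gateway. The following Python sketch is an added example, not code from the original page: it flags list-relayed external mail that pushes the recipient to make a phone call. The sample message, domain names, function names and indicator labels are constructed for illustration, and the `List-ID` / `X-Google-Group-Id` check assumes the headers Google Groups commonly adds, so confirm them against your own mail.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real capture); header names are the
# assumed shape of mail relayed through a Google Groups list.
SAMPLE = """\
From: "IT Support" <it-helpdesk@example-notify.test>
To: employee@agency.example
Subject: Action required: your account will be blocked
List-ID: <account-alerts.googlegroups.com>
X-Google-Group-Id: 000000000000
Authentication-Results: mx.agency.example; spf=pass; dkim=pass; dmarc=fail

We detected a problem with your account. Call +1 (555) 010-0199 within
24 hours or your account will be blocked.
"""

PHONE = re.compile(r"\+?\d[\d\s().-]{7,}\d")
URGENCY = re.compile(r"\b(blocked|suspended|locked|immediately)\b", re.I)
CALL = re.compile(r"\b(call|phone|dial)\b", re.I)

def callback_phish_indicators(raw, org_domains):
    """Return the set of indicator names found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    found = set()
    list_id = msg.get("List-ID", "").lower()
    if "googlegroups.com" in list_id or msg.get("X-Google-Group-Id"):
        found.add("via_google_group")
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in org_domains:
        found.add("external_sender")
    if "dmarc=pass" not in msg.get("Authentication-Results", "").lower():
        found.add("dmarc_not_pass")
    if PHONE.search(text) and CALL.search(text):
        found.add("asks_for_callback")
    if URGENCY.search(text):
        found.add("urgency")
    return found

def should_quarantine(raw, org_domains):
    """Hold for review: list-relayed external mail that pushes a phone call."""
    hits = callback_phish_indicators(raw, org_domains)
    return {"via_google_group", "external_sender", "asks_for_callback"} <= hits

if __name__ == "__main__":
    print(sorted(callback_phish_indicators(SAMPLE, {"agency.example"})))
```

Messages that `should_quarantine` holds are candidates for analyst review rather than automatic deletion, since legitimate mailing lists can also carry phone numbers.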

Recommendations for Citizens:
  • Never call numbers given in emails from unknown or suspicious addresses. The service company should not ask you to call.
  • Carefully check the sender of the email. Although phishing messages often seem to come from companies, they may be fake.
  • Check suspicious messages by contacting your organization or a trusted service provider.
  • Do not respond to messages asking you to call numbers. If you need technical support, contact the official service provider directly.
  • Use two-factor authentication for all important accounts. This is an effective way to protect your accounts from being hacked.
  • If you find a phishing message, report it to the relevant authorities or service provider. This also helps protect others around you.
  • Protect your computer with antivirus and internet security software. These programs help detect and block phishing attacks.
