1. A new phishing campaign uses Google Drawings and WhatsApp to evade detection and trick users into clicking malicious links.
2. The attack leverages trusted websites like Google, WhatsApp, and Amazon to appear legitimate.
3. The phishing email directs recipients to a graphic hosted on Google Drawings, which appears to be an Amazon account verification link.
4. Attackers use URL shorteners, including one from WhatsApp, to obfuscate the malicious link.
5. The fake Amazon login page collects credentials, personal information, and credit card details.
6. After harvesting information, victims are redirected to the genuine Amazon login page, and the fake page becomes inaccessible from the same IP address.
7. This attack is part of a broader trend of cybercriminals exploiting trusted services for malicious activities.
8. The use of legitimate services makes it difficult for traditional security systems to detect these threats.
9. The incident highlights the need for enhanced security training and technology to protect users from sophisticated phishing attacks.
10. Researchers emphasise the importance of developing advanced detection techniques and evolving security frameworks to combat the exploitation of trusted services.