
Hosting phishing pages on SaaS (AMP)

Open jacques- opened this issue 1 year ago • 1 comments

With the Google AMP phishing stuff in the news (https://cofense.com/blog/google-amp-the-newest-of-evasive-phishing-tactic/) I'm wondering if there isn't a generic technique here? This doesn't feel like it's going to be solved quickly.

Perhaps something like "Trusted phishing hosting" - many different SaaS apps allow hosting of custom web content. Clearly the issue is amplified when that SaaS domain also hosts common SSO login pages (as Google above, but you've got to imagine there is going to be an equivalent on MS?).

Otherwise it might be best to just capture the AMP technique directly until we see similar techniques on other platforms.

jacques- Aug 03 '23 09:08

Similar deal using Looker Studio: https://www.bleepingcomputer.com/news/security/google-looker-studio-abused-in-cryptocurrency-phishing-attacks/

jacques- Sep 12 '23 08:09