Welcome to the SecAware blog

I spy with my beady eye ...

13 Aug 2020

Google customers phishing

We're seeing a steady stream of 'update your email'-type crude phishers along these lines:

I have lightly redacted the URL, but those action buttons are clearly not pointing to an IsecT domain.  

Firebase Storage is a Google cloud storage/app service:

Google promotes Firebase security in terms of high availability and authentication for their customers i.e. web developers using Firebase to host content on the web. No mention of security for their customers' victims though and although Google can't be held entirely responsible for its customers' nefarious activities, I presume (hope!) they have the processes in place to identify and respond efficiently to incidents of this nature.

I've reported this incident through a Firebase customer support channel as there is no obvious way for us to report misuse of their services by phishers etc.

I'll let you know how they respond.

UPDATE: they didn't.

No comments:

Post a Comment