Set as Homepage - Add to Favorites

日韩欧美成人一区二区三区免费-日韩欧美成人免费中文字幕-日韩欧美成人免费观看-日韩欧美成人免-日韩欧美不卡一区-日韩欧美爱情中文字幕在线

【?? ??? ??】How Google is helping scammers via Google Sites

It seems everyone uses Google's free services. Its search engine is ?? ??? ??the most-trafficked website in the world. Over a billion people depend on Gmail for their email messaging. Google Meet provides multi-user remote video conferencing at absolutely no cost. 

And more and more bad actors are utilizing Google Sites to defraud and scam internet users everyday. Wait…what?

Google has a problem. While its free services are great at making online tools more accessible to people around the globe, they also give scammers an easy way to set up shop. Without having to unveil their identities via credit card or billing address to make a payment, fraudsters can easily weaponize these products to carry out their scams.


You May Also Like

Most people are familiar with products like Gmail and Google Meet and know that anyone can use these services. But Google Sites is a much lesser-known service. And the Google Sites service, which allows users to create web pages, provides a huge assist to scammers looking to hide under a veil of trustworthiness: a website under the Google.com domain name.

"On Google Sites, we explicitly prohibit phishing and we invest heavily in detecting, deterring, and removing abuse from our platforms,” said a Google spokesperson in a statement provided to Mashable.

Google is aware of the issue. However, the scams enabled by Google Sites persist. And they are not hard to find.

Google Gone Phishing

Phishing is a classic online scam tactic in which a bad actor copies the web designs of trusted websites, like a user's bank, in order to trick the individual into inputting their sensitive information so the scammer can access it. These scammers have found success creating these phishing websites on Google Sites.

"I first encountered this scam myself whilst looking on Google for 'Google Ads,'" SEO consultant Matt Tutt said to Mashable. 

Tutt had previously written about his own personal experiencecoming across the Google Sites scams in 2020. Like many people, Tutt decided to just Google the website he wanted to visit instead of directly typing the URL in his web browser's address bar. He clicked the first link — a Google ad — on the search results page, assuming it would be the official Google Ads website.

"It looked fairly legit, and honestly, I probably had my guard down, as I'd not have imagined someone apart from Google could run ads for the keyword 'Google Ads,'" he explained. "I was presented with the standard Google Ads homepage — or at least I thought I was! When I went to log in, I noticed the URL was slightly different, and that's when it struck me: I wasn't on the official Google Ads site."

"Luckily, I hadn't entered my login credentials, but it struck me how easily I was nearly fooled, considering I work as an SEO specialist and have done so for over 10 years!" Tutt continued. 

If he had entered his password on that fake Google Ads page, he would have sent his credentials directly to a scammer. And if these Google Sites phishing pages could nearly trick a professional who works in search, like Tutt, there's a good chance scammers are succeeding with less savvy individuals.

The problem is that every page published with Google Sites is accessible under the URL structure "sites.google.com." And, from cybersecurity experts to tech-savvy family members, anyone who's ever tried to educate people on how to avoid phishing scams has always stressed the importance of looking at the URL. If it isn't one you trust, you shouldn't click, nor should you provide any sensitive information on the page. It is a very good tip. But scammers are constantly evolving. Over the years, they have upgraded their tactics and have weaponized subdomains, like "YourBank.ScammersDomain.com." In turn, users have specifically been told to look for the word right before the domain extension ".com." If it's unfamiliar to you, you probably shouldn't trust it.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!
SEE ALSO: Scammers target YouTube's smart TV activation sites with help from Google

But every user-generated webpage published with Google Sites is accessible via the "sites.google.com" URL. Even a scammer's phishing website, which may go by "sites.google.com/yourbank." The main keyword right before the ".com"  is Google, right? The mega Big Tech corporation. The world's largest search engine. The most popular website on earth. If that's not a trustworthy domain, then nothing could be, right? And that's why scammers love Google Sites. 

Direct-to-Consumer Scams

The scammer that almost fooled SEO consultant Tutt displayed some serious bravado in targeting those who were likely more tech-savvy than most. But most of these Google Site scammers have their sites set on much easier targets.

I first came across just how bad the Google Sites scams had become when a family member fell victim to one. Looking to activate YouTube on their television, a relative Google-searched the YouTube TV activation URL instead of inputting it into the web browser directly. A Google Sites phishing page popped up on the first page of Google, mimicking the look of an official YouTube site. In my investigation, I saw just how high Google was ranking a phishing site on the first page for a search query of their own sister company, YouTube. Because Google ranks Google Sites pages highly, these phishing pages enjoy prime spots for many related search terms.

Google Sites phishing page for YouTubeA screenshot showing how high Google Sites phishing scams targeting YouTube users ranked on Google Search from August 2021. Credit: Mashable Screenshot

The site instructed the family member to input the provided code to activate YouTube on their television. Of course, it didn't work. The Google Site was set up for that to happen. The scam website then informed my family member that they needed to call a telephone number to activate YouTube on their TV. When they called the number, they were connected directly to a scammer who was able to scam them out of hundreds of dollars in the belief that these were small, temporary charges that were only used to confirm activation of their YouTube account on their TV set.

Since that piece was published last year, I have heard from a handful of readers who have fallen for similar scams utilizing Google Sites, such as one that scammed users looking to activate Amazon's Prime Video.

In 2020, the cybersecurity firm Armorblox releaseda report about a growing phenomenon: Scammers weaponizing free Google services like Google Docs, Google Form, and, of course, Google Sites.

From American Express to Microsoft Teams to a targets' payroll provider, Armorblox sussed out a slew of various brand impersonation phishing schemes using these free services like Google Sites.

"​​Though Google…[does] remove many of these, they are slow to respond to emerging attacks, leaving the attacker with days, if not weeks, to launch attacks," Armblox chief information security officer Brian Johnson said to Mashable. "The game of Whac-A-mMole to get these taken down is a neverending battle."

While the free nature of Google Sites and the cloak of the Google.com domain are huge factors in why they attract bad actors, there are more technical reasons, too.

"Due to these URLs and domains being used for several legitimate purposes, native email security filters are unlikely to block these inherently trustworthy links," explained Johnson.

Plus, Johnson says, when Google does get around to taking down a phishing website, the scammer can quickly get everything back up and running.

"They make it so easy to use and throw and set up another account again," he continued. "This allows attackers to keep launching a steady stream of attacks even when they are taken down."

What's next? Crypto scams, of course!

While Google has responded to Google Sites scams and shut down many phishing pages, that has not deterred scammers. And it may not be all that shocking to find where these bad actors are seeing money signs next: Cryptocurrency.

A new report from cybersecurity company Netskope found that throughout this past year, scammers are weaponizing Google Sites pages in order to steal people's crypto wallet and account credentials from platforms like MetaMask and Coinbase. 

Google Sites MetaMask scamThe report by Netskope provides an example of a Google Sites phishing page besides the MetaMask homepage it has copied. Credit: Netskope

These scams work pretty much the same way other Google Sites scams work. The scammer creates a page that looks like the MetaMask or Coinbase login page; it provides users with the option of providing their username and password or secret recovery phrase to log in. Of course, once the user inputs that information, they are not actually logging into their crypto wallet or crypto exchange account. They are simply handing their account information over to the scammer.

SEE ALSO: The biggest crypto scams of 2022 (so far)

One interesting difference noted by Netskope: With the crypto-related Google Sites scams, the scammers are very proactive. In prior Google Sites phishing schemes, most scammers seemed to sit back and let Google Search provide them with unlimited fresh targets, willingly inputting their private information or calling fake support numbers. Netskope's report found that many crypto scam Google Sites pages are actually being scammed on blogs and social media posts around the web.

Be on the lookout for that "sites" subdomain before the "Google.com" URL the next time you come across a webpage that looks to be from the most trustworthy domain name on earth. It just might be a scammer.

Topics Cybersecurity Google

0.1361s , 9801.328125 kb

Copyright © 2025 Powered by 【?? ??? ??】How Google is helping scammers via Google Sites,Public Opinion Flash  

Sitemap

Top 主站蜘蛛池模板: 亚洲欧美日韩国产精品一区二区 | 91久久人人爽亚洲精品美女 | 人禽无码做爰在线观看 | 日韩欧美亚洲国产一区二区三区 | 国产欧美日韩老女人 | 亚洲九九精品一区二区三区 | 国产精品99久久久久久小说 | 日本无码免费AAAAAA片 | aⅴ国产系列欧美亚洲 | 免费看奶头视频的网站 | 日本成本人三级在线观看2024 | 国产男女猛烈视频在线观看 | 亚洲视频精品在线观看 | 精品无码一级毛片免费视频观看 | 丁香五月综合缴情月高清电影在线观看 | 在线亚洲午夜片av大片动图 | a级在线中文字幕在线 | 韩国三级日本三级香港三级黄 | 久草热在线观看 | 蜜臀av无码精品人妻色欲 | 国产亚洲欧美一区在线观看 | 91日韩精品久久久久精品 | 亚洲天天一色综合AV | 亚洲1区2区3区精华液 | 久久精品国产亚洲av三区 | 亚洲第一中文 | 日韩精品无码一区二区 | 久久久久成人国产av | 成人羞羞网站入口免费 羞羞视频网站 | 精品国产91乱码一区二区三区 | 亚洲一区精品伊人久久 | 亚洲av无码成人精品区在线 | 免费国产美女爽到喷出水来视频 | 久久怡红院av | 丰满熟妇啪啪 | 受喷汁红肿抽搐磨NP双性 | 国产私拍福利在线观看视频 | 精品成a人无码 | 2024美女视频黄频大全视频 | 伊人情人综合成人久久网小说 | 夜夜草官网 |