Cyber-Criminals Impersonating Google to Target Remote Workers

Part of the challenge in fighting this is that communications from Google (and Microsoft) usually contain clickable buttons so that users are habituated into trusting the click-through. I’d prefer the approach that some banks take where they ask you to login to their portal and give instructions how to find what they want to direct you to, rather than a link…:

[…] Steve Peake, UK systems engineer manager, Barracuda Networks, outlined: “Brand-impersonation spear-phishing attacks have always been a popular and successful method of harvesting a user’s login credentials, and with more people than ever working from home, it’s no surprise that cyber-criminals are taking the opportunity to flood people’s inboxes with these scams. The sophistication of these attacks has accelerated in recent times: now, hackers can even create an online phishing form or page using the guise of legitimate services, such as forms.office.com, to trick unsuspecting users.”

[…]

Original article here