{"id":215047,"date":"2025-05-30T06:07:16","date_gmt":"2025-05-30T11:07:16","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/05\/threat-actors-abuse-google-apps-script-in-evasive-phishing-attacks"},"modified":"2025-05-30T06:07:16","modified_gmt":"2025-05-30T11:07:16","slug":"threat-actors-abuse-google-apps-script-in-evasive-phishing-attacks","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/05\/threat-actors-abuse-google-apps-script-in-evasive-phishing-attacks","title":{"rendered":"Threat actors abuse Google Apps Script in evasive phishing attacks"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/threat-actors-abuse-google-apps-script-in-evasive-phishing-attacks.jpg\"><\/a><\/p>\n<p>Threat actors are abusing the \u2018Google Apps Script\u2019 development platform to host phishing pages that appear legitimate and steal login credentials.<\/p>\n<p>This new trend was spotted by security researchers at Cofense, who warn that the fraudulent login window is \u201ccarefully designed to look like a legitimate login screen.\u201d<\/p>\n<p>\u201cThe attack uses an email masquerading as an invoice, containing a link to a webpage that uses Google Apps Script, a development platform integrated across Google\u2019s suite of products,\u201d <a href=\"https:\/\/cofense.com\/blog\/behind-the-script-unmasking-phishing-attacks-using-google-apps-script\" target=\"_blank\" rel=\"nofollow noopener\">Cofense explains<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Threat actors are abusing the \u2018Google Apps Script\u2019 development platform to host phishing pages that appear legitimate and steal login credentials. This new trend was spotted by security researchers at Cofense, who warn that the fraudulent login window is \u201ccarefully designed to look like a legitimate login screen.\u201d \u201cThe attack uses an email masquerading as [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-215047","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/215047","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=215047"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/215047\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=215047"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=215047"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=215047"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}