{"id":228260,"date":"2026-01-03T01:14:08","date_gmt":"2026-01-03T07:14:08","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/01\/cybercriminals-abuse-google-cloud-email-feature-in-multi-stage-phishing-campaign"},"modified":"2026-01-03T01:14:08","modified_gmt":"2026-01-03T07:14:08","slug":"cybercriminals-abuse-google-cloud-email-feature-in-multi-stage-phishing-campaign","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/01\/cybercriminals-abuse-google-cloud-email-feature-in-multi-stage-phishing-campaign","title":{"rendered":"Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/cybercriminals-abuse-google-cloud-email-feature-in-multi-stage-phishing-campaign.jpg\"><\/a><\/p>\n<p>In response to the findings, Google has blocked the phishing efforts that abuse the email notification feature within Google Cloud Application Integration, adding that it\u2019s taking more steps to prevent further misuse.<\/p>\n<p>Check Point\u2019s analysis has revealed that the campaign has primarily targeted manufacturing, technology, financial, professional services, and retail sectors, although other industry verticals, including media, education, healthcare, energy, government, travel, and transportation, have been singled out.<\/p>\n<p>\u201cThese sectors commonly rely on automated notifications, shared documents, and permission-based workflows, making Google-branded alerts especially convincing,\u201d it added. \u201cThis campaign highlights how attackers can misuse legitimate cloud automation and workflow features to distribute phishing at scale without traditional spoofing.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In response to the findings, Google has blocked the phishing efforts that abuse the email notification feature within Google Cloud Application Integration, adding that it\u2019s taking more steps to prevent further misuse. Check Point\u2019s analysis has revealed that the campaign has primarily targeted manufacturing, technology, financial, professional services, and retail sectors, although other industry verticals, [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,32,45,1490,6,1491],"tags":[],"class_list":["post-228260","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-education","category-finance","category-government","category-robotics-ai","category-transportation"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/228260","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=228260"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/228260\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=228260"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=228260"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=228260"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}