The Threat Analysis Group (TAG), Google’s division that tracks cybercrimes around the world, on Wednesday published its first quarterly report.

In its report, the TAG highlighted a rise of new activity from “hack-for-hire” firms, many based in India. These firms target users through Gmail accounts that spoof the World Health Organisation (WHO).

According to the TAG report, these accounts are targeting business leaders across consulting, healthcare, and financial services. The targeted regions include the US, the UK, India, Bahrain, Cyprus, Canada, and Slovenia, among others.

In these phishing emails, hackers lure users into signing up for notifications from the WHO on the latest updates on the Covid-19 pandemic. The emails feature malicious links which look identical to the official WHO website.

Here’s what the fake WHO Newsletter sign-up prompt looks like (Google)

“The sites typically feature fake login pages that prompt potential victims to give up their Google account credentials, and occasionally encourage individuals to give up other personal information, such as their phone numbers,” said the TAG in the report.

According to a CNET report, the “hack-for-hire” firms have been around for quite some time. Most of them are based out of Israel and some Arab nations. However, this is the first time India has been singled out for this kind of phishing campaign, the report said.

The TAG in its report acknowledged a surge in COVID-related hacking and phishing attempts. It pointed out that such hacking attempts are made by both government-backed and commercial hackers.

In its quarterly bulletin, the TAG further detailed coordinated influence operation campaigns on Google platforms and measures it had taken thus far. For instance, it took down 3 advertising accounts, 1 AdSense account, and 11 YouTube channels in March. These accounts were associated with a “coordinated influence operation linked to India.”