Hackers Exploit Google Drawings in a New 3-Step Amazon Phishing Attack

Cybersecurity experts have recently uncovered a new and sophisticated phishing attack targeting Amazon users, which cleverly exploits Google Drawings as part of a multi-step strategy. This alarming tactic shows the evolving creativity of cybercriminals in their attempts to deceive even the most vigilant internet users.

The 3-Step Attack Breakdown

The phishing attack is structured in three key steps, each designed to lead unsuspecting victims into a trap:

Step 1: The Deceptive Email

The attack begins with an email that appears to be from Amazon, often carrying subject lines that trigger a sense of urgency, such as “Action Required: Update Your Payment Information” or “Your Account Has Been Suspended.” The email is crafted to look legitimate, mimicking Amazon’s branding, logos, and communication style to convince the recipient that it’s authentic.

Step 2: Google Drawings as the Trojan Horse
Instead of a typical phishing link, which might lead directly to a fraudulent website, this attack takes a more insidious approach. The email contains a link to a Google Drawings file. Since Google Drawings is a legitimate Google service, many users are unlikely to be suspicious of the link. When clicked, the user is redirected to the Google Drawings document, which is cleverly designed to look like an official Amazon form or webpage.

Step 3: The Data Theft