Phishy Business: Google Automation Tool Hijacked in Global Scam

Researchers at Check Point Harmony Email Security have discovered a cunning phishing scam using Google Cloud Application Integration. Cybercriminals send emails from a legitimate Google domain, making them appear trustworthy. This scheme has targeted thousands globally, exploiting Google’s own systems. Remember, even trusted sources may not be what they seem—stay vigilant!

3P
Published: December 29, 2025 8:33 pmAdded: December 29, 2025 at 12:41 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

Google’s been hacked! Well, sort of. Turns out, cyber villains have found a way to use Google’s own tools against us in a phishing scam. So, if you get an email from Google, it might be less “You’ve got mail!” and more “You’ve got trouble!”

Key Points:

  • Cybercriminals are using Google’s systems to send phishing emails that appear legitimate.
  • The scam exploits Google Cloud Application Integration to send emails from a real Google domain.
  • The phishing process involves a three-step trap, including fake CAPTCHA and login pages.
  • The campaign is global, with the highest number of targets in the United States.
  • Google has blocked the campaigns, but vigilance is still necessary.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?