New phishing threat exploits Google Cloud to harvest Microsoft 365 credentials
There’s a new phishing scam out there and it’s pretty clever. Hackers are using Google Cloud tools to go after people’s Microsoft 365 login info. They hide behind legit platforms and automated messages, so their emails look real and are way harder to catch. It’s getting tougher to tell what’s fake.
Here’s how it works: The scammers use Google Cloud Application Integration, which is supposed to help businesses automate stuff. But these guys send emails from actual Google addresses, like noreply-application-integration@google[.]com. That makes the message seem official. Most of the time, the emails look like normal notifications—maybe a shared doc or a voicemail alert. People see them, don’t think twice, and click the links. That’s all it takes.
The attack follows a multi-stage path designed to evade security filters. When someone clicks the link, they land on a real Google Cloud Storage page first. Next comes a quick “prove you’re human” step, usually a CAPTCHA or an “I’m not a robot” check, hosted on googleusercontent[.]com. This bit weeds out security bots and makes the whole thing look more legit. After that, attackers redirect people to a fake Microsoft 365 login page that looks almost identical to the real one but secretly captures their login credentials.
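A mail-triage heuristic built from the indicators described above, as an added example that is not from the article or from Google: it flags messages from the Application Integration sender that link to Google-hosted storage. The Cloud Storage hostnames, the lure keyword list and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit
# Sender named in the article (written there defanged as google[.]com).
INTEGRATION_SENDER = "noreply-application-integration@google.com"
# Assumption: common Cloud Storage hosts; googleusercontent is from the article.
GOOGLE_HOSTING = ("storage.googleapis.com", "storage.cloud.google.com",
                  "googleusercontent.com")
# Assumption: keywords for the lures the article mentions.
LURE_RE = re.compile(r"\b(shared|document|voicemail|voice message)\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Constructed sample messages, not real mail.
SUSPECT = ("From: Google Cloud <noreply-application-integration@google.com>\n"
           "Subject: New voicemail received\n\n"
           "Play message: https://storage.googleapis.com/example-bucket/vm.html\n")
BENIGN = ("From: noreply-application-integration@google.com\n"
          "Subject: Integration run finished\n\n"
          "Details: https://console.cloud.google.com/integrations\n")

def is_google_hosted(host):
    """Exact or subdomain match, so storage.googleapis.com.evil.example fails."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in GOOGLE_HOSTING)

def triage(raw_message):
    """Extract the article's indicators from a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    body = ""
    for part in msg.walk():  # a non-multipart message yields itself
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            body += data.decode(part.get_content_charset() or "utf-8", "replace")
    hosts = set()
    for url in URL_RE.findall(body):
        try:
            hosts.add(urlsplit(url).hostname)
        except ValueError:  # malformed URL such as a broken IPv6 literal
            continue
    return {
        "sender": parseaddr(msg.get("From", ""))[1].lower() == INTEGRATION_SENDER,
        "hosted_links": sorted(h for h in hosts if is_google_hosted(h)),
        "lure": bool(LURE_RE.search(msg.get("Subject", "") + " " + body)),
    }

def needs_review(raw_message):
    """Escalate when the trusted sender and a Google-hosted link coincide."""
    result = triage(raw_message)
    return bool(result["sender"] and result["hosted_links"])
```

A match is a reason for analyst review, not a verdict, because legitimate workflow notifications come from the same address.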
Researchers say attackers are taking advantage of free Google Cloud credits. That makes it cheap and easy to run these scams at scale. It’s not just about the tech, either—these criminals are pretty crafty with psychology, using trusted sites to trick people into letting their guard down.
Google pointed out that this isn’t a breach of their systems. Instead, attackers are misusing their workflow automation tools. Security experts say it’s smart to double-check URLs, use multi-factor authentication, and keep employees trained to spot shady emails. At this point, everyone should expect phishing attacks to get more advanced and plan their defenses with that in mind.
This whole scheme is a reminder: even big-name platforms can be twisted into tools for stealing sensitive info. Companies that mix strong technical defenses with regular awareness training give themselves a much better shot at stopping account takeovers and cutting down the fallout. Staying alert and keeping a close eye on things is more important than ever in a world that runs on the cloud.

