



Everyone seems to be using Google’s free services. Its search engine is the most trafficked website in the world. Over 1 billion people use Gmail for their email messaging. Google Meet offers multi-user remote video conferencing completely free.

In addition, more and more criminals are using Google Sites to scam and defraud internet users every day. Wait… what?

We have a problem with Google. Its free services do a great job of making online tools more accessible to people around the world, but they also give scammers an easy way to set up shop. Because they never have to reveal their identity through a credit card or billing address for payment, scammers can easily weaponize these products to carry out their scams.

Most people are familiar with products like Gmail and Google Meet and know that anyone can use these services. But Google Sites is a lesser-known service. It allows users to create their own web pages, which is a great help to scammers trying to hide behind the veil of authenticity that a website under the Google.com domain name provides.

In a statement provided to Mashable, a Google spokesperson said, “Google Sites expressly prohibits phishing and invests heavily in detecting, deterring, and removing abuse from our platform.”

Google is aware of this issue. However, the scams enabled by Google Sites continue. And finding them is not difficult.

Google stopped phishing

Phishing is a classic online con in which a malicious person copies the web design of a trusted website, such as a user’s bank, to trick an individual into entering sensitive information that the fraudster then gains access to. Scammers have successfully created these phishing websites on Google Sites.

SEO consultant Matt Tutt told Mashable:

Tutt previously wrote about his own personal experience with a Google Sites scam in 2020. Like many people, Tutt decided to Google the website he wanted to visit instead of typing its URL directly into his web browser’s address bar. He clicked on the first link (Google Ads) on the search results page and assumed it was the official Google Ads website.


“It looked pretty legit. To be honest, I never imagined anyone other than Google could advertise with the keyword ‘Google Ads,’ so I was probably caught off guard,” he explained. “I was taken to the standard Google Ads home page, or at least I thought so. When I tried to log in, I noticed that the URL was slightly different. That’s when I noticed that I was not on the official Google Ads site.”

“Luckily, I hadn’t entered my login credentials, but given that I’ve been working as an SEO specialist for over 10 years, I realized how easy it was to get scammed!” Tutt continued.

Had Tutt entered his password on that fake Google Ads page, he would have sent his credentials directly to the scammers. And given that these phishing pages on Google Sites could almost fool a search expert like Tutt, it’s quite possible that the scammers are having success with less knowledgeable individuals.

The problem is that all pages published on Google Sites are served under the “sites.google.com” URL structure. Everyone from cybersecurity professionals to tech-savvy family members who has tried to teach people how to avoid phishing scams has always stressed the importance of looking at the URL: do not click on a page or provide sensitive information on it unless you trust the site. It is a very good tip. However, scammers are constantly evolving. Over the years, they have upgraded their tactics and armed themselves with subdomains like “YourBank.ScammersDomain.com”. Users were then told to look specifically at the word immediately preceding the domain extension “.com”. If you’re not familiar with it, you probably shouldn’t trust it.


However, all user-generated web pages published on Google Sites are accessible through the “sites.google.com” URL. That includes a scammer’s phishing page, which could live at “sites.google.com/yourbank”. The main keyword just before “.com” is Google, right? The mega Big Tech corporation. The world’s largest search engine. The most popular website on earth. If that’s not a trusted domain, then nothing is, right? This is why scammers prefer Google Sites.
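The gap described above can be shown in a few lines. This is an added example, not code from the article or from Google: it runs the "word before .com" heuristic next to a check that treats shared hosting as untrusted. The host lists and the "yourbank" official hosts are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: hosts where anyone can publish pages under the provider's domain.
USER_CONTENT_HOSTS = {"sites.google.com"}
# Assumption: the brand's real login hosts (constructed placeholder values).
OFFICIAL_HOSTS = {"yourbank": {"yourbank.com", "www.yourbank.com"}}

# Constructed sample URLs, built from the two patterns the article names.
SAMPLES = [
    "https://www.yourbank.com/login",
    "https://YourBank.ScammersDomain.com/login",
    "https://sites.google.com/yourbank",
]


def host_of(url):
    """Lower-cased hostname of a URL (empty string if there is none)."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def label_before_tld(url):
    """The 'word before .com' heuristic. Naive: assumes a one-label suffix;
    production code should consult the Public Suffix List instead."""
    labels = host_of(url).split(".")
    return labels[-2] if len(labels) >= 2 else ""


def assess(url, brand):
    """Classify a URL whose page claims to belong to `brand`."""
    host = host_of(url)
    if host in OFFICIAL_HOSTS.get(brand, set()):
        return "official-host"
    if host in USER_CONTENT_HOSTS:
        # The domain owner did not write this page; whoever owns the path did.
        return "user-content-host"
    if brand in host.split(".") or brand in urlsplit(url).path.lower():
        return "brand-on-foreign-host"
    return "unrelated"


if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url}: heuristic sees '{label_before_tld(url)}', "
              f"verdict {assess(url, 'yourbank')}")
```

The heuristic reports "google" for the Google Sites URL, which is exactly why a reader trusts it; the verdict depends on knowing that the host serves other people's pages.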

Direct to Consumer Fraud

The scammers who nearly tricked SEO consultant Tutt showed some serious nerve by targeting people who are supposedly more tech-savvy than most. However, most of these Google Sites scammers go after much easier targets.

I first learned how bad the Google Sites scam was when my family fell victim to it. When trying to enable YouTube on the TV, my relatives Googled the YouTube TV activation URL instead of typing it directly into their web browser. A Google Sites phishing page popped up on Google’s first page, mimicking the appearance of the official YouTube site. In my research, I looked at how well Google ranks phishing sites on the first page of search queries for its sister company, YouTube. Since Google highly values Google Sites pages, these phishing pages occupy a leading position in many related search terms.

Screenshot showing how Google Sites phishing scams targeting YouTube users have ranked higher in Google searches since August 2021. Credit: Mashable screenshot

The site instructed my family to enter the provided code to enable YouTube on their TV. Of course, it didn’t work. That’s what the Google Sites page was made for. The scam site then informed my family that they had to call a phone number to activate YouTube on their TV. They called the number and were connected directly to a scammer, who was able to swindle hundreds of dollars out of them through what they believed was a small one-time charge used only to verify YouTube account activation on the TV.

Since that article was published last year, we’ve heard from a handful of readers who have fallen for similar scams using Google Sites, including ones aimed at users trying to activate Amazon’s Prime Video.

In 2020, cybersecurity firm Armorblox released a report on the growing phenomenon of scammers arming themselves with free Google services such as Google Docs, Google Forms and, of course, Google Sites.

Armorblox investigated phishing schemes that used free services such as Google Sites to impersonate various brands, from American Express to Microsoft Teams to Target payroll providers.

“But Google…[does]” Armorblox Chief Information Security Officer Brian Johnson told Mashable. “Destroying them is a never-ending battle.”

The free-to-use nature of Google Sites and the cover of the Google.com domain are a major draw for bad actors, but there are other technical reasons as well.

“These URLs and domains are used for several legitimate purposes, so native email security filters are unlikely to block these inherently trustworthy links,” explained Johnson.

Furthermore, Johnson said that when Google tries to crack down on a phishing website, the scammers can quickly put everything back together.

“They make it so easy to use, throw in, and set up another account again,” he continued. “We can continue to initiate the flow of attacks.”

What’s next? A crypto scam, of course!

Google has responded to Google Sites fraud and shut down many phishing pages, but that hasn’t deterred the scammers. And it may not be all that shocking to find out where these bad actors see their next dollar signs: cryptocurrency.

Over the past year, scammers have weaponized Google Sites pages to steal people’s cryptocurrency wallets and account credentials from platforms like MetaMask and Coinbase, according to a new report from cybersecurity firm Netskope.

A report by Netskope shows examples of phishing pages on Google Sites beside the MetaMask homepage they copied. Credit: Netskope

These scams work much like other Google Sites scams. Scammers create pages that look like the MetaMask or Coinbase login pages. The pages give users the option to log in by entering a username and password or a secret recovery phrase. Of course, when a user enters that information, they are not actually logged into their cryptocurrency wallet or cryptocurrency exchange account. They are just giving their account information to scammers.


One interesting difference Netskope pointed out: scammers are very aggressive in crypto-related Google Sites scams. In previous Google Sites phishing schemes, most scammers seemed content to quietly let Google Search supply an unlimited stream of new targets willing to enter personal information or call fake support numbers. The Netskope report found that the Google Sites pages of many crypto scams were actually being spammed in blogs and social media posts across the web.

The next time you come across a web page that appears to sit on the most trusted domain name on the planet, check for the “sites” subdomain in front of “Google.com” in the URL. It could just be a scammer.

