SANS Stormcast Friday, June 20th, 2025: New Employee Phishing; Malicious Tech Support Links; Social Engineering App Sepecific Passwords
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 696 Ratings
🗓️ 20 June 2025
⏱️ 6 minutes
🧾️ Download transcript
Summary
How Long Until the Phishing Starts? About Two Weeks
After setting up a Google Workspace and adding a new user, it took only two weeks for the new employee to receive somewhat targeted phishing emails.
https://isc.sans.edu/diary/How%20Long%20Until%20the%20Phishing%20Starts%3F%20About%20Two%20Weeks/32052
Scammers hijack websites of Bank of America, Netflix, Microsoft, and more to insert fake phone numbers
Scammers are placing Google ads that point to legitimate companies sites, but are injecting malicious text into the page advertising fake tech support numbers
https://www.malwarebytes.com/blog/news/2025/06/scammers-hijack-websites-of-bank-of-america-netflix-microsoft-and-more-to-insert-fake-phone-number
What s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia
Targeted attacks are tricking victims into creating app-specific passwords to Google resources.
https://cloud.google.com/blog/topics/threat-intelligence/creative-phishing-academics-critics-of-russia
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello and welcome to the Friday, June 20th, 2025 edition of the Sand and Endowed Storm Center's Stormcast. |
| 0:07.7 | My name is Johannes Ulrich and this episode brought you by the Graded Certificate Program in Penetration Testing and Ethical Hacking is recorded in Stockholm, Germany. |
| 0:20.0 | One issue that it keeps happening is that in particular, new employees in organizations, |
| 0:26.1 | are being targeted by fishing or gift card scams. |
| 0:30.8 | Chris Crowley, Sands instructor, did set up a new Google workspace and, well, pretty much within a couple of weeks, |
| 0:40.8 | then started receiving phishing emails trying to target, well, luckily non-existing employees, |
| 0:47.9 | at that particular Google workspace. |
| 0:50.9 | These emails claim to come from Chris, given that he was, according to LinkedIn and |
| 0:56.2 | such, the owner of that particular company. And also interestingly, from address actually |
| 1:04.0 | then also implied some kind of urgency, which is often what's then being used to trick new employees into buying, for example, gift cards, |
| 1:13.7 | claiming that their new boss that they are still trying to impress, |
| 1:17.5 | is trying to basically get gift cards to give to some customer or the like. |
| 1:24.3 | Definitely something that you want to include in awareness training early on, that |
| 1:28.6 | particular new employees are specifically targeted by these sort of scams. And Maverbytes has an |
| 1:36.6 | interesting blog post about how Google is being abused in order to advertise fake tech support |
| 1:44.1 | numbers. Now, this is a new way to abuse Google. |
| 1:47.0 | We had in the past where malicious advertisers were basically just claiming to publish a tech |
| 1:52.6 | support number for Dell or Microsoft or whoever and included as part of their Google ad. |
| 1:59.5 | Now, this one is a little bit different. |
| 2:01.7 | When you're clicking on the link in the ad, |
| 2:03.9 | it actually goes to the legitimate webpage. |
| 2:06.5 | So, for example, in Malverabites case, |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.