Cybercriminals have discovered an innovative method for stealing Microsoft 365 accounts by leveraging Google Apps Script. According to TechRadar, this cloud-based platform, designed for automating tasks within Google services using JavaScript, has become a popular tool for executing phishing attacks.

Attackers send emails to victims containing fake invoices from Google. The links in these emails lead to script[.]google[.]com, creating an illusion of legitimacy. When the victim clicks on the link, a loading message appears. Clicking the button redirects the user to a counterfeit Microsoft 365 login page that closely resembles the real one. Any credentials entered are sent directly to the hackers.

To better cover their tracks, the fraudsters set up the fake page to redirect the victim to the genuine Microsoft 365 site once the login credentials are entered.

Cybersecurity experts at Cofense have identified this scheme and are warning about its dangers. They advise against opening suspicious emails, especially those containing unexpected invoices from Google. It's also crucial to check email addresses and websites to avoid falling victim to fraud.