Google claims to have recently blacklisted hundreds of fraudulent websites used by “hacker-for-hire” firms to phish consumers.
After years of monitoring the threat, Google researchers finally released a blog post today to alert the public. According to the head of Google’s Threat Analysis Group, “we have seen hack-for-hire groups target human rights and political activists, journalists, and other high-risk individuals throughout the world,” who are all at danger of having their privacy, safety, and security compromised (TAG).
Companies that hire hackers might try to get access to user accounts by sending phishing emails purporting to come from Google or another reputable company. These emails direct users to malicious websites that are really controlled by the hackers.
The sites might seem like legitimate login pages. If you enter your password, the hacker will be able to access your account without your knowledge. Groups operating as “hack-for-hire” from India, Russia, and the United Arab Emirates were the focus of Thursday’s blog post. Google claims that hacker-for-hire services are free to offer themselves publicly online or covertly through intermediaries like private investigative agencies.
Google has been keeping tabs on a number of Indian hacking firms. They’ve been sending out bogus mails purporting to be from Amazon’s AWS cloud service, in which they say the customer has just updated their password.
One Russian hacker service has been observed sending out fake alerts purporting to come from popular email providers like Gmail in an attempt to deceive users into accessing harmful phishing URLs. Sometimes they would even send fake mails purporting to come from local authority.
During the past five years, “TAG has noticed the organization targeting accounts at major webmail providers including Gmail, Hotmail, and Yahoo! and regional webmail providers like abv.bg, mail.ru, inbox.lv, and UKR.net,” Huntley added. Also, the gang formerly had a website where it publicly promoted its hacking services, complete with a pricing list.
Meanwhile, in the United Arab Emirates, one hacking service has been utilizing bogus Google password reset mails to scam users.
If you employ a hacker, they can break into any system you choose, including those belonging to the government, the healthcare industry, educational institutions, and charitable organizations, as Huntley explains. When compared to government-backed operations, which often have a more clearly defined purpose and aims, “the variety of targets in hack-for-hire activities stands in contrast,” he said.
As the blog article continues, we learn that Google has uncovered 36 malicious websites used by these hacker-for-hire firms. As a result, the business has posted cautionary messages on the pages to discourage browser access to them. In addition, “our CyberCrime Investigation Group is exchanging important facts and signs with law enforcement,” as Huntley put it.
Be wary of your inbox and social media communications if you want to avoid harm. Users may also join up for Google’s Advanced Protection Program to safeguard their accounts from even the most advanced cybercriminals.