Erik van Straten on Nostr: Evil Google targets Canadians Since Oct. 25 2024 (maybe earlier), Google is hosting a ...
Evil Google targets Canadians
Since Oct. 25 2024 (maybe earlier), Google is hosting a bunch of phishing websites, mostly targeting Canadians, on at least 20 of their servers in different countries.
To clarify, the DNS records of roughly 150 unique domain names (including "www." variants) change nearly every day to point to another IP address. There's a significant overlap in the domain names per server; obviously the same criminals are pulling this off.
A few examples of (obviously phishing) domain names (more details in a follow-up toot):
11/94 canada-post-office·com
16/94 reschedule-cp·app
11/94 carbonrebatecanadaservice·com
11/94 gigadatcanada·com
7/94 rogersverify·com
13/94 rbcteam-royalbank·com
14/94 secureloginsroyalbank·com
13/94 royalbank-verifysecure·com
Notes:
• At the left the number of virus scanners (of 94) is shown that, according to VirusTotal.com, currently identifies mentioned websites as malicious (this number does not include virus scanners that warn only, like "suspicious" or "spam").
• I've replaced the dot by a · (high dot) to prevent accidental opening of websites with the mentioned domain names.
• None of the obviously malicious websites I checked were detected by "Google Safe Browsing" (according to VirusTotal.com - a company owned by Google).
Google earns huge amounts of money by renting server space to cybercriminals. They don't care about vulnerable people getting robbed.
DV (Domain Validated) certificates are obtained for free and fully anonymously by the adversaries. Renting domain names is very cheap compared to the profits made.
My estimate is that way more than half of the domain names ever registered was or is used for malicious purposes.
Big tech WANTS cybercriminals to remain anonymous; it's an important part of their business model. We all pay the price.
Credits to Guy Bruneau for providing the lead for my research in https://isc.sans.edu/diary/Phishing%20for%20Banking%20Information/31548.
🧵 Continued in https://infosec.exchange/@ErikvanStraten/113737899006464714
nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqy2rwp9ffzwwy9uagtau9w2s0746e47xjlc9ege7vjhnzjhyp6kaqzqxfza (nprofile…xfza)
#Google #Evil #GoogleIsEvil #BigTech #Profits #Cybercrime #Phishing #GoogleFacilitatesCybercrime
Since Oct. 25 2024 (maybe earlier), Google is hosting a bunch of phishing websites, mostly targeting Canadians, on at least 20 of their servers in different countries.
To clarify, the DNS records of roughly 150 unique domain names (including "www." variants) change nearly every day to point to another IP address. There's a significant overlap in the domain names per server; obviously the same criminals are pulling this off.
A few examples of (obviously phishing) domain names (more details in a follow-up toot):
11/94 canada-post-office·com
16/94 reschedule-cp·app
11/94 carbonrebatecanadaservice·com
11/94 gigadatcanada·com
7/94 rogersverify·com
13/94 rbcteam-royalbank·com
14/94 secureloginsroyalbank·com
13/94 royalbank-verifysecure·com
Notes:
• At the left the number of virus scanners (of 94) is shown that, according to VirusTotal.com, currently identifies mentioned websites as malicious (this number does not include virus scanners that warn only, like "suspicious" or "spam").
• I've replaced the dot by a · (high dot) to prevent accidental opening of websites with the mentioned domain names.
• None of the obviously malicious websites I checked were detected by "Google Safe Browsing" (according to VirusTotal.com - a company owned by Google).
Google earns huge amounts of money by renting server space to cybercriminals. They don't care about vulnerable people getting robbed.
DV (Domain Validated) certificates are obtained for free and fully anonymously by the adversaries. Renting domain names is very cheap compared to the profits made.
My estimate is that way more than half of the domain names ever registered was or is used for malicious purposes.
Big tech WANTS cybercriminals to remain anonymous; it's an important part of their business model. We all pay the price.
Credits to Guy Bruneau for providing the lead for my research in https://isc.sans.edu/diary/Phishing%20for%20Banking%20Information/31548.
🧵 Continued in https://infosec.exchange/@ErikvanStraten/113737899006464714
nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqy2rwp9ffzwwy9uagtau9w2s0746e47xjlc9ege7vjhnzjhyp6kaqzqxfza (nprofile…xfza)
#Google #Evil #GoogleIsEvil #BigTech #Profits #Cybercrime #Phishing #GoogleFacilitatesCybercrime