Leveraging the Google AMP service: new frontiers for phishing attacks

Phishing attacks are becoming more sophisticated thanks to the illegal use of popular technologies, such as Google's Accelerated Mobile Pages (AMP) service. Recently, phishing campaigns have been detected that take advantage of the AMP system to evade security mechanisms. AMP phishing attacks are problematic for organizations as there are few solutions to mitigate them, according to Avanan researchers.

How phishing attacks using AMP work

These threat actors leverage Google's AMP service to create masquerading URLs that can be used in their phishing attacks. When a user accesses a website through the AMP system, the URL displayed on the browser appears to be a Google URL. From here, cybercriminals can easily disguise their malicious sites as legitimate. Using a legitimate Google URL also makes it harder to detect phishing activity.

The limits of security filters

Traditional IP-based security filters and anti-phishing tools struggle to thwart these evasive attacks. While these solutions are generally effective at blocking most phishing threats, they struggle when a malicious website's URL is masquerading as a legitimate Google URL. Also, as reported by the Avanan team, machine learning and AI-based security solutions are facing the same challenge.

Towards an effective solution

Despite these challenges, there are strategies to protect yourself from AMP phishing attempts. Avanan suggests taking a multi-layered approach and using advanced defense techniques like the Sandbox. Users can also protect themselves by enabling two-factor authentication where available. As security vendors seek to develop more effective solutions against these evasive attacks, users need to remain vigilant and adopt online safety best practices.