In recent times, there has been an increase in phishing activity that abuses Google Accelerated Mobile Pages (AMP) to bypass email security measures and get to the inboxes of enterprise employees. This has been a cause of concern for security researchers and organizations alike.
What is Google AMP?
Google AMP is an open-source HTML framework co-developed by Google and 30 partners to make web content load faster on mobile devices. It is designed to improve the user experience by providing faster loading times for web pages. However, threat actors have found a way to abuse this technology for malicious purposes.
How are attackers using Google AMP?
According to a report by Bleeping Computers, attackers are using Google AMP to create phishing pages that can bypass email security measures. These pages are designed to look like legitimate login pages for popular services such as Microsoft Office 365 or Google Workspace. Unsuspecting users who enter their credentials into these fake login pages risk having their accounts compromised.
The use of Google AMP in phishing attacks is particularly concerning because it allows attackers to create pages that are difficult to detect by traditional security measures. AMP pages are hosted on Google’s servers, meaning they have a high level of trust and legitimacy. This makes it easier for attackers to bypass email security measures and get their phishing emails into the inboxes of enterprise employees.