Phantoms in the Cloud: Fraudsters Exploit Google Cloud Storage for Deceptive Campaigns
ID: 9145c161-203d-52c0-a401-c99c6673973b
STIX ID: report--9145c161-203d-52c0-a401-c99c6673973b
Feed Name: Aryaka
Aryaka Threat Research Labs discovered a financially motivated, cloud-based phishing campaign that uses Google Cloud Storage to host HTML redirectors and fraudulent prize/bonus sites. The attackers impersonate trusted services (e.g., Gmail, Google Drive), exploit gaps in email authentication (SPF pass with missing DKIM and weak DMARC), use CAPTCHA challenges to evade automated analysis, and collect user/browser data via analytics platforms to refine targeting. Aryaka disclosed the abuse to Google Cloud and coordinated with Proofpoint to update detection rules.
