
Internet Storm Center Discusses Critical Cybersecurity Issues
In the June 20, 2025 edition of the Internet Storm Center's Stormcast, Johannes Ullrich discusses several crucial cybersecurity topics.

One recurring issue is the targeting of new employees with phishing or gift card scams. Chris Crowley, an instructor at SANS, shared an experience where he received phishing emails shortly after setting up a new Google Workspace. These emails pretended to be from him, using information available on LinkedIn, and created a sense of urgency to prompt new employees to purchase gift cards. Ullrich emphasizes the importance of educating new employees about these types of scams as soon as they join the company.

Another topic covered is the abuse of Google to promote fake technical support numbers. Unlike previous methods, where malicious advertisers directly published fake numbers in their ads, this new technique redirects users to the legitimate company website. However, the advertiser uses the user's search string to pre-fill a search box on the site with a fake support number, making the scam more credible because the number appears on the real company's page. Ullrich compares this method to a form of cross-site scripting, although it does not involve HTML or JavaScript code.

Google has also published a blog post detailing targeted attacks aimed at obtaining application-specific passwords from users. These passwords are often used to bypass two-factor authentication in legacy email clients. Attackers pose as legitimate applications, such as "ms.state.gov," to trick users into providing these passwords. Ullrich clarifies that these passwords are not limited to a single application but can grant access to the user's entire account. He recommends using OAuth as an alternative, although this also presents similar risks if users grant access to malicious applications.

In conclusion, Ullrich stresses the importance of regularly reviewing the applications linked to your account, whether they use application-specific passwords or OAuth credentials. This vigilance is essential to protect your accounts from unauthorized access. For more details, watch the full video at the following address: https://www.youtube.com/watch?v=X1AzM0ObHN8
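The search-box pre-fill technique above works because a site reflects whatever arrives in its search query parameter straight into the page. The following added example (written for this summary, not code from the Internet Storm Center or from Google) shows why HTML escaping alone does not stop it, a simple pre-fill policy that does, and a detection pass over web access logs. The parameter name `q`, the lure word list, the phone-number pattern and the log lines are all constructed assumptions; the phone numbers use the reserved 555 range.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample of the kind of query string an ad click might append to
# the legitimate site's URL so that the on-site search box shows attacker text.
SAMPLE_AD_QUERY = "Call Support Now 1-800-555-0199 (hypothetical number)"

# Heuristics (assumptions for this example): a run of 9+ phone-like characters,
# or words a support-scam lure would typically contain.
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")
LURE_WORDS = ("call", "support", "helpline", "toll free", "toll-free", "contact")


def render_search_box_unsafe(q: str) -> str:
    """Reflect the incoming ?q= value into the search box with escaping only.

    Escaping blocks markup injection, but the social-engineering payload is plain
    text, so a fake support number still shows up on the real company's page.
    """
    return f'<input type="search" name="q" value="{html.escape(q, quote=True)}">'


def looks_like_support_lure(q: str) -> bool:
    """True when the string carries a phone number or support-scam wording."""
    lowered = q.lower()
    return bool(PHONE_RE.search(q)) or any(word in lowered for word in LURE_WORDS)


def render_search_box_hardened(q: str, max_len: int = 80) -> str:
    """Pre-fill only when the value passes a conservative policy.

    Anything over max_len or matching the lure heuristics is dropped and the box
    renders empty; the user can still type a search manually.
    """
    if not q or len(q) > max_len or looks_like_support_lure(q):
        q = ""
    return f'<input type="search" name="q" value="{html.escape(q, quote=True)}">'


# Constructed access-log lines in combined-log style (addresses are documentation ranges).
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Jun/2025:10:01:02 +0000] "GET /?q=printer+drivers HTTP/1.1" 200 512',
    '198.51.100.7 - - [20/Jun/2025:10:01:09 +0000] "GET /?q=Call+Support+1-800-555-0199 HTTP/1.1" 200 512',
    '198.51.100.7 - - [20/Jun/2025:10:01:15 +0000] "GET /?q=%2B1+%28800%29+555-0199+helpline HTTP/1.1" 200 512',
]

REQUEST_RE = re.compile(r'"GET (\S+) HTTP')


def flag_suspicious_prefills(log_lines):
    """Return the decoded ?q= values in the log that match the lure heuristics.

    Useful as a retrospective check: a burst of such requests from ad-click
    referrers is the footprint of the campaign described in the summary.
    """
    flagged = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        params = parse_qs(urlsplit(match.group(1)).query)
        for value in params.get("q", []):
            if looks_like_support_lure(value):
                flagged.append(value)
    return flagged


if __name__ == "__main__":
    print(render_search_box_unsafe(SAMPLE_AD_QUERY))
    print(render_search_box_hardened(SAMPLE_AD_QUERY))
    for hit in flag_suspicious_prefills(SAMPLE_LOG):
        print("flagged pre-fill:", hit)
```

The policy is intentionally conservative: a genuine search for "contact form" will not be pre-filled either, which costs the user a few keystrokes but removes the attacker's ability to make the legitimate page display their number. The log pass reuses the same heuristic so that what is blocked in production and what is hunted for in history stay in agreement.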