Google says it recently blocked dozens of malicious websites that so-called “hacker-for-hire” services were using to try to phish users.
The company published a blog post(Opens in a new window) today intended to warn the public about the threat, which Google researchers have been tracking for years.
“We have seen hack-for-hire groups target human rights and political activists, journalists, and other high-risk users around the world, putting their privacy, safety and security at risk,” wrote Shane Huntley, director of Google’s Threat Analysis Group (TAG).
These hacker-for-hire companies can try to break into user accounts by circulating fake messages from Google or other companies, which have been designed to trick victims into visiting websites actually under a hacker’s control.
The websites can masquerade as phony login pages. If you type in your password, the login credentials will be secretly sent to the hacker, allowing them to break into your account.
Thursday’s blog post covered hack-for-hire groups based in three countries: India, Russia, and the United Arab Emirates. According to Google, these hacker-for-hire services can openly advertise themselves on the internet or promote their businesses discreetly through third parties, such as private investigation firms.
In India, Google has been tracking several hacker-for-hire services. One tactic they’ve been using includes sending fake messages pretending to come from Amazon’s AWS cloud service that can claim the user recently changed their password.
In Russia, the company has noticed one hacker-for-hire service using phony notifications from email providers including Gmail to trick users into visiting their malicious phishing pages. In some cases, the group will also spoof messages from local government organizations.
“Over the past five years, TAG has observed the group targeting accounts at major webmail providers like Gmail, Hotmail, and Yahoo! and regional webmail providers like abv.bg, mail.ru, inbox.lv, and UKR.net,” Huntley said. In addition, the group once openly advertised its hacking services on a website, which included a price list.
Recommended by Our Editors
Meanwhile, in the United Arab Emirates, one hacker-for-hire service has been using fake Google password-reset messages to phish unsuspecting victims.
According to Huntley, the hacker-for-hire services can target a wide range of sectors, including the government, healthcare, education, and nonprofits. “The breadth of targets in hack-for-hire campaigns stands in contrast to many government-backed operations, which often have a clearer delineation of mission and targets,” he added.
The blog post goes on to say Google has identified 36 malicious pages these hacker-for-hire services were using. The company has since placed warning notices on the pages to ward away users from visiting them through a browser. “Additionally, our CyberCrime Investigation Group is sharing relevant details and indicators with law enforcement,” Huntley said.
To stay safe, be careful around your email inbox and messages over social media. Users can also enroll in Google’s Advanced Protection Program, which is designed to stop the most sophisticated hackers from breaking into your account.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.