A sophisticated phishing campaign is targeting Microsoft accounts in May 2025. Attackers are exploiting Google Apps Script to steal credentials. This new wave of scams tricks users with deceptive emails, as reported by Cofense cybersecurity experts.
The scheme leverages Google Apps Script to automate tasks. Attackers send emails with links to fraudulent invoices. The links direct victims to a "script.google.com" URL, making it appear legitimate. Clicking the link leads to a fake Microsoft 365 login page.
Users who enter their credentials unknowingly provide them to cybercriminals. To avoid becoming a victim, scrutinize unsolicited emails and double-check the sender's email address. Verify the true destination of links before clicking. Security firms urge increased vigilance and user education to combat evolving phishing tactics.