Phishing attacks exploit Google Cloud services to steal Microsoft 365 logins. Cybercriminals send fake Google emails, using trusted domains to redirect victims to a look-alike login page. Google acknowledges this abuse and has acted to mitigate such campaigns, advising users to verify URLs and use multi-factor authentication to enhance security.
Phishing Campaign Abuses Google Cloud Services to Steal Microsoft 365 Logins

