GOOGLE APPS SCRIPT EXPLOITED IN COMPLEX PHISHING CAMPAIGNS

A whole new phishing campaign has long been observed leveraging Google Apps Script to provide misleading material designed to extract Microsoft 365 login credentials from unsuspecting consumers. This process makes use of a trustworthy Google System to lend believability to malicious one-way links, thereby raising the chance of user conversation and