Researchers at RavenMail warn that a major phishing campaign targeted more than 3,000 organizations last month, primarily in the manufacturing industry.
The phishing messages posed as legitimate business notifications, such as file access requests or voicemail alerts, and were designed to send users to credential-harvesting login pages.
Notably, the campaign abused legitimate Google infrastructure and links to avoid being flagged by security tools.
“In each case, emails were sent from legitimate Google infrastructure, passed SPF, DKIM, and DMARC, and used trusted Google-hosted URLs as payloads,” RavenMail says. “This fundamentally breaks the trust model that most email security platforms rely on.... Security researchers have repeatedly observed that these campaigns bypass both secure email gateways and native email protections because there is nothing technically ‘wrong’ with the message delivery itself.”
The campaign didn’t involve any breach of Google’s systems, but the attackers were able to “manipulate workflow automation services meant to streamline business processes.” The researchers note that this is part of a broader trend in which attackers are abusing legitimate services to bypass defenses.
“Attackers are also hosting phishing pages and multi-stage redirectors on Google Cloud Storage (GCS) - a fully trusted, HTTPS-served domain space,” RavenMail says.
“Because many URL reputation systems treat cloud provider domains as benign, these links frequently evade detection. Separately, other campaigns have exploited Google platforms like Google Classroom and Google Forms to distribute phishing content at massive scale and avoid security filters that block unknown or low-reputation domains.”
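The point about domain-level reputation can be turned into a mail-triage check. The sketch below is an added example, not code from RavenMail or KnowBe4: it scores links on the Google-hosted services named above by the tenant (bucket, form or class path) rather than by the domain. The function names, the allow-list and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

# Hosts named in the article where the content is controlled by whoever
# created the bucket, form or class, so domain reputation says little.
GCS_SUFFIX = ".storage.googleapis.com"
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)

def tenant_key(url):
    """Return (service, tenant) for a tenant-controlled URL, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    segs = [s for s in parts.path.split("/") if s]
    if host.endswith(GCS_SUFFIX):                      # bucket.storage.googleapis.com
        return ("gcs", host[: -len(GCS_SUFFIX)])
    if host == "storage.googleapis.com" and segs:      # storage.googleapis.com/bucket/...
        return ("gcs", segs[0])
    if host == "docs.google.com" and segs[:1] == ["forms"]:
        return ("forms", parts.path)
    if host == "classroom.google.com":
        return ("classroom", parts.path)
    return None

def triage(raw, known_tenants=frozenset()):
    """Flag tenant-controlled links absent from the organisation's allow-list."""
    msg = message_from_string(raw, policy=default)
    auth = str(msg.get("Authentication-Results", "")).lower()
    # Passing authentication is recorded but never used to clear a link.
    auth_pass = all(f"{m}=pass" in auth for m in ("spf", "dkim", "dmarc"))
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    flagged = []
    for url in URL_RE.findall(text):
        key = tenant_key(url)
        if key and key not in known_tenants:
            flagged.append((key, url))
    return {"auth_pass": auth_pass, "flagged": flagged}

# Constructed sample message (simplified Authentication-Results header).
SAMPLE = """\
From: notifications@example.com
To: user@example.org
Subject: Voicemail received
Authentication-Results: mx.example.org; spf=pass; dkim=pass; dmarc=pass

New voicemail: https://storage.googleapis.com/constructed-bucket-1/listen.html
Brand assets: https://storage.googleapis.com/corp-assets/logo.png
"""

if __name__ == "__main__":
    print(triage(SAMPLE, known_tenants={("gcs", "corp-assets")}))
```

A flagged link is a candidate for sandboxing or user warning, not a verdict; the allow-list would come from the organisation's own inventory of buckets and forms.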
AI-powered security awareness training can give your organization an essential layer of defense against evolving social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
RavenMail has the story.
