How Scammers Use Google for Business Email Compromise

Several companies have made online productivity solutions like G Suite from Google the preferred option for business computing. It’s incredibly convenient and usually inexpensive for anyone from solo operations through large enterprises to replace physical machines and all the maintenance that comes with the territory with options like Gmail and other web-based tools. Yet services like Google are regularly exploited by scammers.

Google’s prominence in the software market as both a SaaS (software as a service) and PaaS (platform as a service) is a kind of double-edged sword – because it’s both accessible and familiar, it can be dangerous. We’ll explore how attacks utilizing Google services deceive us, beginning with how we think.

Why is Google used over some less familiar brand?

One of the first reasons Google-based attacks work better compared to attacks utilizing a less recognizable brand is because of we how we perceive the name “Google” itself. Unless you’re wearing a tinfoil-hat and sending carrier pigeons to avoid being watched by Big Brother, a la George Orwell’s 1984, you probably see Google as a kind of “good guy.”

Psychologically, trust plays a huge role in most of our actions, affecting the relationships we form, including those with non-living entities. In consumer psychology, the average consumer relationship with Google can be described as a case where we use low-cognition because of the brand’s familiarity, meaning our minds elaborate less on how we feel about the brand each time we see it stamped on something, ultimately sustaining the general attitude attributed to the family of services (Loken 2006).

Without going into a whole marketing exploratory, the Google brand has successfully fulfilled all six basic principles of persuasion (Cialdini & Goldstein 2002) with respect to the overall consumer relationship with the brand, essentially providing scammers a “built-in” opportunity (Read more...)