Technology
Hackers abuse Google Cloud to send trusted phishing emails
NEWYou can now listen to Fox News articles!
Cybercriminals have found a clever new way to get phishing emails straight into inboxes.
Instead of spoofing brands, they are abusing real cloud tools that people already trust. Security researchers say attackers recently hijacked a legitimate email feature inside Google Cloud.
The result was thousands of phishing messages that looked and felt like normal Google notifications. Many slipped past spam filters with ease.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – when you join my CYBERGUY.COM newsletter.
How this Google Cloud phishing attack worked
At the center of the campaign was Google Cloud Application Integration. This service allows businesses to send automated email notifications from workflows they build. Attackers exploited the Send Email task inside that system. Because the messages came from a real Google address, they appeared authentic to both users and security tools.
According to Check Point, a global cybersecurity firm that tracks and analyzes large-scale threat campaigns, the emails were sent from a legitimate Google-owned address and closely matched Google’s notification style. Fonts, wording, and layout all looked familiar. Over a two-week period in December 2025, attackers sent more than 9,000 phishing emails targeting roughly 3,200 organizations across the U.S., Europe, Canada, Asia Pacific, and Latin America.
Attackers used trusted Google Cloud infrastructure to route victims through multiple redirects before revealing the scam. (Thomas Fuller/SOPA Images/LightRocket via Getty Images)
MALICIOUS CHROME EXTENSIONS CAUGHT STEALING SENSITIVE DATA
Why Google phishing emails were so convincing
The messages looked like routine workplace alerts. Some claimed you had received a voicemail. Others said you were granted access to a shared document, like a Q4 file. That sense of normalcy lowered suspicion. Many people are used to seeing these exact messages every day. Even more concerning, the emails bypassed common protections like SPF and DMARC because they were sent through Google-owned infrastructure. To email systems, nothing looked fake.
What happens after you click
The attack did not stop at the email. Once a victim clicked the link, they were sent to a page hosted on storage.cloud.google.com. That added another layer of trust. From there, the link redirected again to googleusercontent.com. Next came a fake CAPTCHA or image check. This step blocked automated security scanners while letting real users continue. After passing that screen, victims landed on a fake Microsoft login page hosted on a non-Microsoft domain. Any credentials entered there were captured by the attackers.
Who was targeted in the Google Cloud phishing attack
Check Point says the campaign focused heavily on industries that rely on automated alerts and shared documents. That included manufacturing, technology, finance, professional services, and retail. Other sectors like healthcare, education, government, energy, travel and media were also targeted. These environments see constant permission requests and file-sharing notices, which made the lures feel routine.
“We have blocked several phishing campaigns involving the misuse of an email notification feature within Google Cloud Application Integration,” a Google spokesperson told Cyberguy. “Importantly, this activity stemmed from the abuse of a workflow automation tool, not a compromise of Google’s infrastructure. While we have implemented protections to defend users against this specific attack, we encourage continued caution as malicious actors frequently attempt to spoof trusted brands. We are taking additional steps to prevent further misuse.”
The incident demonstrates how attackers can weaponize legitimate cloud automation tools without resorting to traditional spoofing.
Ways to stay safe from trusted-looking phishing emails
Phishing emails are getting harder to spot, especially when attackers abuse real cloud platforms like Google Cloud. These steps help reduce risk when emails look familiar and legitimate.
1) Slow down before acting on alerts
Attackers rely on urgency. Messages about voicemails, shared files or permission changes are designed to make you click fast. Pause before taking action. Ask yourself whether you were actually expecting that alert. If not, verify it another way.
2) Inspect links before you click
Always hover over links to preview the destination domain. In this campaign, links jumped across multiple trusted-looking Google domains before landing on a fake login page. If the final destination does not match the service asking you to sign in, close the page immediately.
3) Treat file access and permission emails with caution
Shared document alerts are a favorite lure because they feel routine at work. If an email claims you were granted access to a file you do not recognize, do not click directly from the message. Instead, open your browser and sign in to Google Drive or OneDrive manually to check for new files.
The final step led users to a fake Microsoft login page, where entered credentials were silently stolen. (Stack Social)
4) Use a password manager to catch fake login pages
Password managers can be a strong last line of defense. They will not autofill credentials on fake Microsoft or Google login pages hosted on non-official domains. If your password manager refuses to fill in a login, that is a red flag worth paying attention to.
Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com/Passwords) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.
NEW GOOGLE AI MAKES ROBOTS SMARTER WITHOUT THE CLOUD
5) Run strong antivirus software with phishing protection
Modern antivirus tools do more than scan files. Many now detect malicious links, fake CAPTCHA pages, and credential harvesting sites in real time. Strong antivirus software can block phishing pages even after a click, which matters in multi-stage attacks like this one.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.
6) Reduce your exposure with a data removal service
Phishing campaigns often succeed because attackers already know your email, employer or role. That information is commonly pulled from data broker sites. A data removal service helps remove your personal information from these databases, making it harder for attackers to craft convincing, targeted emails.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
7) Enable two-factor authentication (2FA) everywhere
Even if attackers steal your password, two-factor authentication (2FA) can stop them from accessing your account. Use app-based authentication or hardware keys when possible, especially for work email, cloud storage, and Microsoft accounts.
8) Report suspicious emails immediately
If something feels off, report it. Flag suspicious Google or Microsoft alerts to your IT or security team so they can warn others. Early reporting can stop a phishing campaign before it spreads further inside an organization.
Google phishing emails looked like routine workplace alerts. (Kurt “CyberGuy” Knutsson)
Kurt’s key takeaways
This campaign highlights a growing shift in phishing tactics. Attackers no longer need to fake brands when they can abuse trusted cloud services directly. As automation becomes more common, security awareness matters more than ever. Even familiar emails deserve a second look, especially when they push urgency or ask for credentials.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
If a phishing email comes from a real Google address, how confident are you that you would spot it before clicking? Let us know by writing to us at Cyberguy.com.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
The Kane Parsons’ film Backrooms is expected to earn up to $90 million in its opening weekend after pulling down $38 million on Friday alone. That’s not only above expectations, but absolutely obliterates A24’s previous opening weekend record of $25.5 million for Alex Garland’s Civil War. It’s also a better opening day than The Mandalorian and Grogu, which only pulled down $33.7 million on its way to a total $81.6 million for the weekend.
That also means that Backrooms is an incredibly profitable movie, with an estimated $10 million budget. By comparison, the latest Star Wars disappointment cost $165 million and was considered affordable compared to other entries in the series.
While Backrooms hasn’t received quite as much universal praise as fellow low-budget horror breakout Obsession, it’s still largely getting positive reviews. It also adds to the growing number of YouTube creators (including Obsession’s Curry Barker) who have proven to be successful box office draws.
NEWYou can now listen to Fox News articles!
A freight truck with no driver, no cab and no one sitting behind the wheel is starting to sound more familiar. In fact, this summer, that is exactly what is happening on local roads in Marysville, Ohio.
EASE Logistics, an Ohio-based logistics company, is partnering with autonomous truck technology company Einride to deploy two cab-less electric trucks between EASE warehouse locations. The two companies recently announced the proof-of-concept service.
The trucks will operate on EASE property and local public roads. They will move goods between warehouse locations while the companies collect data on warehousing, distribution and transportation operations.
The project is part of the Ohio Department of Transportation’s DriveOhio Truck Automation Corridor Project, in partnership with the Indiana Department of Transportation. The goal is to study how autonomous trucking affects operations, safety and freight efficiency.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
AI TRUCK SYSTEM MATCHES TOP HUMAN DRIVERS IN MASSIVE SAFETY SHOWDOWN WITH PERFECT SCORES
Autonomous cab-less electric trucks are beginning real-world freight testing this summer on local roads in Marysville, Ohio, as EASE Logistics and Einride launch a new pilot program. (Kurt “CyberGuy” Knutsson)
What are cab-less electric trucks?
These are not regular trucks with a driver waiting to take over. Einride’s vehicles are electric, autonomous and cab-less. That means there is no traditional driver’s seat, steering wheel area or cab built for a human operator.
The trucks use SAE Level 4 autonomous technology. In other words, the vehicle can drive itself under specific approved conditions without a human driver inside.
However, the trucks will still have human oversight. A remote operator will monitor them from off-site and can intervene when needed. The companies say that setup helps keep operations running safely and smoothly during the test.
Where will the autonomous trucks operate?
The trucks will move freight between EASE Logistics warehouses in Marysville, Ohio. They will operate during the summer of 2026 on private property and local public roads.
That detail makes a difference because many autonomous vehicle tests happen in controlled settings. This project moves closer to normal freight work. These trucks will operate inside daily logistics
EASE says the deployment will generate data on how autonomous trucks affect warehouse movement, distribution timing and transportation operations. The companies want to see how this technology performs in the real world, where freight schedules and traffic conditions rarely behave perfectly.
THE ROAD TO PROSPERITY WILL BE PAVED BY AUTONOMOUS TRUCKING
EASE Logistics and Einride will operate driverless electric freight trucks between Ohio warehouse locations while collecting data on safety, efficiency and logistics operations. (Kurt “CyberGuy” Knutsson)
Why Ohio is testing cab-less electric trucks
Ohio has become an active testing ground for truck automation. This deployment extends the Ohio Department of Transportation and DriveOhio’s Truck Automation Corridor Project, in partnership with the Indiana Department of Transportation. The project is designed to evaluate how autonomous technology affects operations, safety and freight efficiency.
EASE President and CEO Peter Coratola, Jr., said, “EASE is proud to continue advancing the Truck Automation Corridor Project alongside DriveOhio and innovative partners like Einride.” He added, “Deployments like this help move autonomous trucking from controlled pilots into daily freight operations, where safety, reliability, and efficiency can be evaluated at scale.”
This also marks EASE Logistics’ third autonomous trucking deployment with DriveOhio. That puts the company among a small group of logistics providers testing multiple autonomous freight platforms in live operations.
How safe are cab-less electric trucks?
When people hear “driverless truck,” their first thought may not be efficiency. It may be, “What happens if something goes wrong?”
That reaction is fair. These vehicles are large, heavy and operate near the public. So safety will shape how people judge this project.
Einride CEO Roozbeh Charli said, “Deploying these autonomous trucks in daily logistics operations with EASE reflects years of rigorous development and real-world validation.” He added, “Safety is not a feature we add to our technology; it is the foundation everything is built on.”
The companies also say a remote operator monitors the trucks off-site and can intervene if needed. That detail helps, but the public will still want clear answers about routes, oversight, emergency response and how remote operators step in. Those answers will become more important as autonomous trucks leave closed test areas and enter everyday traffic.
Why companies want driverless freight
For logistics companies, the appeal is easy to understand. Electric autonomous trucks could help move freight with fewer emissions, more predictable scheduling and tighter warehouse coordination.
Short warehouse-to-warehouse routes also make sense for early autonomous deployments. The route is limited. The operation is easier to study. The company can collect useful data without starting with long-haul trucking across several states.
Still, the rollout will need to prove itself. Trucks must handle traffic, road conditions, pedestrians and unexpected behavior from human drivers. Those moments will test whether autonomous freight can deliver on its promise.
The future of autonomous trucking
Autonomous trucking has moved from bold promise to real-world testing. Yet the industry still has to earn public confidence.
This Ohio deployment gives EASE, Einride and transportation officials a chance to gather useful data. It also gives the public a closer look at what driverless freight looks like.
The cab-less design may be the most striking part. Removing the cab signals a bigger shift. These trucks are built around the idea that the vehicle, software and remote operations team can handle the job.
That marks a major change in how freight has worked for generations.
TESLA BUILDS A CAR WITH NO STEERING WHEEL. NOW WHAT?
Ohio officials are expanding autonomous freight testing with cab-less electric trucks operating on public roads under remote human supervision this summer. (Kurt “CyberGuy” Knutsson)
What this means to you
You may not live near Marysville, Ohio. Still, this test matters because it shows where freight transportation is heading.
If the project works well, more companies could look at autonomous trucks for warehouse-to-warehouse routes. That could change how goods move before they ever reach store shelves or your front door.
It could also raise new questions for workers. Logistics companies may need more people who can monitor, maintain and manage autonomous systems. At the same time, drivers and warehouse workers will want honest answers about how these trucks could affect jobs over time.
For consumers, the biggest issue may be trust. People will want proof that these vehicles can operate safely around regular traffic. They will also want transparency when something goes wrong.
Join CyberGuy Live: Lock Down Your Phone in 30 Minutes (Saturday, June 13, 10 am ET)
Your phone holds your email, passwords, photos, banking apps and personal data. In this free, live online class, Kurt the CyberGuy will walk you step by step through simple phone security fixes you can do in real time. You’ll learn how to improve your privacy settings, spot the latest phone scams, use trusted security tools and walk away with a simple checklist to stay protected. Register here: CyberGuyLive.com
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Kurt’s key takeaways
Cab-less electric trucks on Ohio roads may sound alarming at first. But this project shows how quickly autonomous freight is moving into real logistics work. The EASE and Einride deployment still has plenty to prove. Safety, public trust, worker impact and day-to-day reliability will all matter. However, this summer’s test could give the trucking industry a clearer look at what comes next. Driverless freight may start with short warehouse routes. Over time, it could reshape how goods move across the country.
Would you feel comfortable sharing the road with a cab-less electric truck if no driver was inside, but a remote operator was watching from miles away? Let us know by writing to us at CyberGuy.com.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
It’s the world’s worst kept secret that Nvidia is about to announce its own Arm-powered laptop chips at Computex this weekend, and now Microsoft, Nvidia, and Arm are all openly teasing the announcement. The Windows and Nvidia GeForce accounts on X both posted “A new era of PC” earlier today, and now Arm has followed up with an identical post.
All three posts include coordinates pointing to where Computex is hosted in Taipei. Nvidia is holding a Computex keynote in Taipei at 8PM PT / 11PM ET on Sunday night, where it’s rumored to be announcing its new N1 and N1x laptop chips.
These Arm-powered Nvidia processors have been long-rumored, with reports earlier this year suggesting that both Lenovo and Dell have been preparing new laptops with the N1X chips. We first heard rumors about Nvidia’s laptop processors in 2023, and Dell CEO Michael Dell hinted at the possibility of an AI PC with Nvidia during an interview in 2024.
Nvidia’s entry into Windows on Arm will mean Qualcomm will no longer have an exclusive license for Microsoft’s Windows 11 Arm variant of its operating system. That’s good news for laptop competition, even if Qualcomm is trying to keep entry-level laptops affordable with its new Snapdragon C platform.
-
Utah4 minutes agoMan guilty of crash that killed Utah CEO and his daughter gets maximum sentence – East Idaho News
-
Vermont7 minutes agoFallen solar panels in Vermont prompt environmental concerns – Valley News
-
Virginia12 minutes agoManhunt underway for suspect in Virginia accused of killing sheriff’s deputy
-
Wisconsin22 minutes ago11 Wisconsin Towns With A Slower Pace Of Life
-
West Virginia27 minutes agoWest Virginia Racing Heritage Festival showcases state’s dirt track racing history at Pennsboro Speedway
-
Wyoming34 minutes agoLummis family could cash in on Microsoft data center expansion through Cheyenne land sales
-
Crypto37 minutes agoWhat is a ‘wrench attack,’ and why are they on the rise globally?
-
Finance42 minutes agoGoldman Sachs massively resets Snowflake stock price target for 2026
