Think your corporate decks are safe? Think again. Attackers now host fake Microsoft logins inside Gamma presentations—using the trusted “gamma.app” domain to slip past filters and steal credentials.
What Is Gamma?
AI-Powered Presentations: Turn prompts into dynamic, memo-style slides with live charts, videos, and embedded docs.
Rapid Growth: Launched in 2020, backed by $12M from Accel, Script Capital, South Park Commons, and more.
How the Scam Works
Deceptive PDF: You get an email with a PDF that urges you to “review secure docs.”
Gamma Redirect: The PDF link opens a Gamma deck on gamma.app—no red flags there.
Fake CAPTCHA: A Cloudflare Turnstile check adds legitimacy and fools scanners.
Spoofed Sign‑In: A phony SharePoint page captures your Microsoft credentials via an AiTM proxy.
Why It’s So Sneaky
Living Off Trusted Sites (LOTS): Hosting the lure on gamma.app lets it sail past SPF/DKIM and reputation checks, because the trust belongs to a legitimate domain.
Adversary‑in‑the‑Middle (AiTM): Relays your sign-in to the real Microsoft login in real time, so the credentials and session it captures are already valid.
Rising AI-Driven Phishing Trends
Deepfake Voices: Cloned executive calls to authorize fake transfers.
Open‑Source Kits: Tools like Stable Diffusion and ElevenLabs lower the bar for scams.
Smart Timing: Attacks hit during 2–3 p.m. slumps when vigilance is low.
Defend Your Team Now
Use Phishing‑Resistant MFA (FIDO2 keys or hardware tokens)
Adopt Zero Trust Segmentation around identity and doc services
Block & Monitor gamma.app Links in your email gateway and SIEM
Train Employees with LOTS/AiTM phishing drills
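To make the "Block & Monitor" advice concrete, here is an added example (not code from the article, Gamma, or Microsoft) in Python: a small detector that reads proxy-log lines and flags the chain described above, a gamma.app visit followed by a Microsoft- or SharePoint-branded sign-in page served from a host outside Microsoft's login domains. The log format, field names, the sample lines, the placeholder domain `docs-share-example.invalid` and the domain allow-list are all constructed assumptions for this demo; a real SIEM rule would read the same fields from your gateway's schema.

```python
"""Flag the Gamma-hosted phishing chain in proxy / email-gateway logs.

Added example, not from the original article. The log format, field
names, domain lists and sample lines below are constructed for the demo.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Hosts that legitimately serve Microsoft sign-in pages (assumption: a
# defender maintains this from their tenant's real sign-in endpoints).
MICROSOFT_LOGIN_HOSTS = {
    "login.microsoftonline.com",
    "login.live.com",
    "login.microsoft.com",
}
# Trusted-site domain abused in the campaign the article describes.
LOTS_DOMAINS = {"gamma.app"}
# Words that suggest a Microsoft/SharePoint-branded sign-in page.
LOGIN_MARKERS = re.compile(
    r"(sharepoint|microsoft|office365|o365|login|sign\s*in)", re.I
)
# Constructed log schema: "<ts> user=<id> url=<url> title="<page title>""
LOG_RE = re.compile(
    r'^(?P<ts>\S+) user=(?P<user>\S+) url=(?P<url>\S+) title="(?P<title>[^"]*)"$'
)

# Constructed sample traffic: alice follows the lure chain, bob signs in
# at the real Microsoft endpoint, carol opens a benign Gamma deck.
SAMPLE_LOG = [
    '2025-04-21T14:05:11Z user=alice url=https://gamma.app/docs/secure-review-xyz title="Review Secure Docs"',
    '2025-04-21T14:05:40Z user=alice url=https://challenges.cloudflare.com/turnstile/v0/api.js title=""',
    '2025-04-21T14:06:02Z user=alice url=https://docs-share-example.invalid/sharepoint/login title="Sign in to your account"',
    '2025-04-21T14:07:30Z user=bob url=https://login.microsoftonline.com/common/oauth2/authorize title="Sign in to your account"',
    '2025-04-21T14:08:00Z user=carol url=https://gamma.app/docs/q3-roadmap title="Q3 Roadmap"',
]


def is_subdomain_of(host, domain):
    """True for the domain itself or any label beneath it (not look-alikes)."""
    return host == domain or host.endswith("." + domain)


def parse_line(line):
    """Parse one log line into a dict with a lower-cased 'host' field, or None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["host"] = (urlparse(rec["url"]).hostname or "").lower()
    return rec


def classify(rec):
    """Return alert tags for a single record (no cross-record state)."""
    tags = []
    if any(is_subdomain_of(rec["host"], d) for d in LOTS_DOMAINS):
        tags.append("lots_gamma_link")
    looks_like_login = LOGIN_MARKERS.search(rec["title"]) or LOGIN_MARKERS.search(rec["url"])
    on_microsoft = any(is_subdomain_of(rec["host"], d) for d in MICROSOFT_LOGIN_HOSTS)
    if looks_like_login and not on_microsoft:
        tags.append("spoofed_ms_login")
    return tags


def detect_chain(lines):
    """Per user, escalate a spoofed login that follows a gamma.app visit.

    Returns a list of (timestamp, user, host, tags) for every flagged record.
    """
    alerts = []
    seen_gamma = defaultdict(bool)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        tags = classify(rec)
        if "lots_gamma_link" in tags:
            seen_gamma[rec["user"]] = True
        if "spoofed_ms_login" in tags and seen_gamma[rec["user"]]:
            tags.append("aitm_chain")  # LOTS lure followed by a credential page
        if tags:
            alerts.append((rec["ts"], rec["user"], rec["host"], tags))
    return alerts


if __name__ == "__main__":
    for alert in detect_chain(SAMPLE_LOG):
        print(alert)
```

The plain `lots_gamma_link` tag is noisy on its own (carol's benign deck fires it too), which is why the block keeps per-user state: the `aitm_chain` tag fires only when a gamma.app visit is followed by a sign-in page on a host that is not one of Microsoft's, and that is the event worth paging on. The allow-list check uses suffix matching on the whole label so that look-alike hosts do not pass.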
🔍 Top 3 FAQs
1. Why target Gamma? Because gamma.app is trusted. Phishers hide links in a legit domain to bypass email filters and trick users.
2. How does the AiTM proxy steal creds? It sits between you and the real Microsoft login—relaying your session so stolen logins always work.
3. What’s the best defense? Switch to phishing‑resistant MFA (hardware or FIDO2 keys). No more SMS or email codes.