Threat actors may send phishing messages to victims directing them to a spoofed GSaaS login portal (e.g., fake AWS Console or Mission Control login) to capture credentials.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.