We’re seeing a steady stream of ‘update your email’-type crude phishers along these lines:
I have lightly redacted the URL, but those action buttons are clearly not pointing to an IsecT domain.
Firebase Storage is a Google cloud storage/app service:
360 Mobile Vision - 360mobilevision.com North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - 360mobilevision.com is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.
Google promotes Firebase security in terms of high availability and authentication for their customers i.e. web developers using Firebase to host content on the web. No mention of security for their customers’ victims though and although Google can’t be held entirely responsible for its customers’ nefarious activities, I presume (hope!) they have the processes in place to identify and respond efficiently to incidents of this nature.
I’ve reported this incident through a Firebase customer support channel as there is no obvious way for us to report misuse of their services by phishers etc.
I’ll let you know how they respond.