Attackers are leveraging Google Cloud Platform to trick victims and deliver payloads of malware. At least 42 organizations, mostly in the financial sector, have been targeted with this attack due to Google App Engine being whitelisted by most organizations for business functions. Attackers create a decoy PDF and attach it to a convincing email that tries to get the reader to click the file. Upon opening the PDF and clicking the link, the user is redirected to a failed website where a malicious word document is downloaded. If the user opens the word document and enables editing, the document executes a macro, and the malware is downloaded. It is recommended to continually instill best practices with phishing email recognition and ensure only required individuals have access to enable macros.