Cybercriminals are now using the Google Docs comment feature to spread phishing emails, sending malicious links to their targets without being caught by email spam filters.
Google Docs New Phishing Campaign
As per the report by DarkReading, the new phishing campaign is using the Google Docs feature to send out a system-generated email from Google itself to trick its victims into falling for their malicious scheme.
Researchers from the cybersecurity firm Avanan discovered the Google Docs exploit back in 2021.
According to the news story by ThreatPost, Avanan's cybersecurity researchers previously discovered the Google Docs comment threat back in June 2021.
However, during that time, they only regarded it as a "novel exploit" from the productivity suite of Google. It is worth noting that even Sheets and Slides have the same exploitable feature.
But before 2021 comes to an end, that is about to change drastically.
Jeremy Fuchs, a cybersecurity researcher and analyst at Avanan, described in his report "a new, massive wave of hackers leveraging the comment feature in Google Docs."
The Avanan researcher further noted that Google has yet to roll out a solution to the existing exploit in the comment feature across its productivity suite apps, such as Docs, Sheets, and Slides.
It was only in Dec. 2021 that the cybersecurity researchers saw a rise in cases in which cybercriminals used the Google Docs feature to spread malicious links.
In fact, Avanan further disclosed that about 500 email inboxes, primarily from Outlook users, have already experienced the new phishing campaign. On top of that, the threat actors are using more than a hundred Gmail accounts to carry out the cyberattacks.
Google Docs Comment Phishing: How it Works
Avanan said in the same cybersecurity report that threat actors are using the comments feature of Google Docs as it successfully evades any detection from anti-spam filters.
This is because the email is sent directly by Google to the mentioned user, which, in turn, raises the legitimacy of the email.
All the attacker has to do is mention the victim in the Google Docs document. The tech giant then sends a legitimate notification to the other party, which already contains the content of the doc.
As such, the victim no longer needs to go to the document. Instead, just by looking at the Google notification email, they can already see the malicious link that the phishing campaign is trying to spread.
The link eventually asks the target to enter their login credentials.
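A defender-side check for the pattern described above, as an added example that is not from the article or from Avanan: it flags Google Docs comment notifications whose body links to hosts outside Google. The sender address, the trusted-host list and the sample message are assumptions constructed for illustration; the article gives none of them.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: sender address of comment notifications (not stated in the article).
NOTIFIER = "comments-noreply@docs.google.com"
# Assumption: hosts a genuine comment notification is expected to link to.
TRUSTED_SUFFIXES = ("google.com", "gstatic.com", "googleusercontent.com")
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

# Constructed sample message, not a captured email.
SAMPLE = """\
From: "Sample User (Google Docs)" <comments-noreply@docs.google.com>
To: victim@example.com
Subject: Invoice
Content-Type: text/plain; charset=utf-8

You were mentioned in a comment: please review https://login.example.net/verify
Open the document: https://docs.google.com/document/d/EXAMPLE/edit
"""

def host_of(url):
    try:
        return urlparse(url).hostname
    except ValueError:
        return None  # malformed URL: treated as untrusted below

def is_trusted(host):
    # Match the domain itself or a true subdomain, never a lookalike suffix.
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def external_links_in_comment_mail(raw):
    """Return off-Google URLs found in a Docs comment notification, else []."""
    msg = message_from_string(raw)
    if parseaddr(msg.get("From", ""))[1].lower() != NOTIFIER:
        return []  # not a comment notification; other filters handle it
    bodies = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            bodies.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    urls = URL_RE.findall("\n".join(bodies))
    return sorted({u for u in urls if not is_trusted(host_of(u))})

if __name__ == "__main__":
    print(external_links_in_comment_mail(SAMPLE))
```

Because Google really sends these notifications, sender authentication passes; the signal this check relies on is the link destination inside the comment text, not the sender.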
This article is owned by Tech Times
Written by Teejay Boris