Hackers use Google Docs for attacks
At the end of December, a new wave of phishing attacks was identified, mainly targeting Outlook users. The security researchers found out that attackers abuse the "comment" function of Google Docs to distribute malicious links via a phishing campaign.
Security researchers at Avenan, a Checkpoint company, observed a massive new wave of hackers exploiting the commenting feature of Google Doc applications in December. In October, Avenan first discovered that the commenting feature of Google Docs, Sheets and Slides could be exploited to send spam emails. Accordingly, the known vulnerability has not yet been closed by Google.
The attackers target Google Docs and Spreadsheets users by adding a comment to documents mentioning specific users with an "@", which automatically sends emails to the users' Outlook inboxes. The mail sent via Google can then contain both text and malicious links. So far, the attackers have primarily targeted Outlook users over 100 different Gmail accounts. Since the mails are delivered directly via Google, they are usually not detected by antivirus programs and firewalls.
Jeremy Fuchs, Cybersecurity Researcher/Analyst at Avenan, advises users to contact the legitimate sender and confirm the validity of the message if they are unsure. Avenan also recommends users check any email addresses in comments to make sure they are legitimate before clicking on a Google Docs comment.
Source: alltechnews.com
