Hackers exploit Google Docs comment feature in new phishing campaign

News and information from the Advent IM team.

This is an appealing technique for attackers whose malicious messages are delivered by Google

Attackers are abusing the comment feature in Google Docs to deliver malicious links to unsuspecting users, a new analysis by researchers at Check Point-owned Avanan has revealed.

In a detailed report published on Thursday, the researchers said they had noticed the new phishing campaign last month, in which attackers primarily, though not exclusively, targeted Microsoft’s email service Outlook.

The campaign hit over 500 inboxes across 30 tenants, with threat actors using over 100 different Gmail accounts.

In the latest phishing campaign, Avanan researchers found that hackers used their Google account to create a Google Document and then added comments with malicious links using @ mentions.

In this case, Google automatically sends a notification email to the target’s inbox, telling them that another user has mentioned them in a document.

In these notification emails, the entire comment along with the malicious link and other text (if added by the attacker) is sent to the recipient.

While the notification message does not show the email address of the sender, it displays the attacker’s name, making it easy for the attackers to impersonate someone at their organisation. They could use the name of a friend or colleague as the display name to increase the chances of the target clicking on the link.
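For defenders, the behaviour described above can be turned into a mail-triage check. The following is an added example, not code from Avanan or the original article: it flags comment notifications whose display name matches a staff member (which the recipient cannot verify) or whose comment text carries links to hosts other than Google Docs. The sender address, the "(Google Docs)" name suffix, the staff list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumptions (not from the article): sender address and "(Google Docs)" name suffix.
NOTIFY_SENDER = "comments-noreply@docs.google.com"
NAME_SUFFIX = re.compile(r"\s*\(google docs\)\s*$", re.I)
EXPECTED_HOSTS = {"docs.google.com"}         # links a plain notification carries
STAFF_NAMES = {"priya shah", "tom becker"}   # constructed internal directory
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample message, not a captured email.
SAMPLE = """\
From: "Priya Shah (Google Docs)" <comments-noreply@docs.google.com>
To: finance@example.com
Subject: Q3 invoice
Content-Type: text/plain; charset="utf-8"

Priya Shah mentioned you in a comment.
@finance@example.com please check https://payments.example.net/review today
Open: https://docs.google.com/document/d/EXAMPLE/edit
"""

def triage(raw):
    """Return findings for a comment notification, or None for other mail."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    if addr.lower() != NOTIFY_SENDER:
        return None
    findings = []
    # The recipient sees only this name, so a staff match cannot be verified.
    name = NAME_SUFFIX.sub("", display).strip().lower()
    if name in STAFF_NAMES:
        findings.append("display-name-matches-staff")
    # Decode every leaf part so HTML and base64/QP bodies are covered too.
    body = " ".join(
        (p.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for p in msg.walk() if not p.is_multipart()
    )
    hosts = {urlsplit(u).hostname or "" for u in URL_RE.findall(body)}
    findings += [f"external-link:{h}" for h in sorted(hosts - EXPECTED_HOSTS)]
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Because the message is genuinely sent by Google, sender-authentication results will not separate these notifications from legitimate ones; the display name and the link hosts in the comment body are the signals left to inspect.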

Read via Computing.co.uk
