Hackers are at it again.
Recently, the cybersecurity company Avanan published research detailing how hackers are exploiting victims with a new scheme.
These hackers use Google Docs’ comments to slip malicious links and content past the service’s filters and security tools.
Google Docs’ comments feature makes it very easy to collaborate with co-workers, especially in a remote work setup. It helps start a conversation, object to a particular sentence or phrase, or indicate when a revision has been made.
Unfortunately, cybercriminals are using Google Docs comments to spread malicious links among users.
Hackers exploit users via Google Docs comments
Avanan’s Jeremy Fuchs said that in December the company saw attacks that used the comment feature of Google Docs and Google Slides to target Outlook users.
According to Fuchs, the hackers add a comment to a Google Doc that specifically mentions the target. Google then automatically sends the target a notification email.
What the target may not realise is that the email carries the full comment, including the malicious links and text. Furthermore, the attacker’s email address is not shown, only their display name.
“In this attack, hackers are adding a comment to a Google Doc. The comment mentions the target with an @. By doing so, an email is automatically sent to that person’s inbox. In that email, which comes from Google, the full comment, including the bad links and text, is included. Further, the email address isn’t shown, just the attackers’ name, making this ripe for impersonators,” says Fuchs in a blog post.
This is not the first time this technique has been used. The scheme has been around for some time, and Google released fixes for the same issue back in 2020.
Avanan also included images showing researchers testing the flaw in Google Docs and Google Slides, using a malicious link added to a comment.
The company noted that they primarily saw the hackers target Outlook users, although not exclusively. The hackers used over 100 different Gmail accounts, hitting over 500 inboxes across 30 tenants.
Google is on most allow lists, and most users trust email coming from Google. Worse, Google’s anti-spam features are worthless against these attacks because the email shows only the attacker’s display name, not their email address.
The recipient has no way to tell whether the comment came from a colleague inside the company or from an outsider.
“Further, the email contains the full comment, along with links and text. The victim never has to go to the document, as the payload is in the email itself. Finally, the attacker doesn’t even have to share the document — just mentioning the person in the comment is enough,” Fuchs added.
The company also noted that last year it reported another Google Docs attack that let hackers easily distribute links to phishing websites to users.
Cybercriminals cannot be stopped entirely, but we can take extra measures to protect ourselves. Avanan suggested checking links several times before clicking them.
Users should be extra cautious in these situations, even when an email comes from a legitimate sender.
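The attack described above works because the notification really does come from Google and the reader sees only a display name, so sender-based filtering tells you nothing. What a defender can still check is the content of the comment itself: a Google comment notification whose body links to a domain outside Google and outside the organisation is worth flagging before anyone clicks. The script below is an added example, not Avanan’s or Google’s code. The sample messages are constructed and only loosely resemble a real notification; the sender address used to recognise notifications and the allow-listed domains are assumptions that a real deployment would replace with its own values.

```python
"""Flag Google Docs comment-notification emails whose comment body links to a
domain outside an allow list (added example; not Avanan's or Google's code)."""
import email
import re
from email import policy
from urllib.parse import urlparse

# Assumed values: the address Google uses for comment notifications, and the
# domains a defender treats as expected inside such a notification (Google's
# own plus the organisation's). Replace with your own in a real deployment.
NOTIFICATION_SENDER = "comments-noreply@docs.google.com"
ALLOWED_DOMAINS = {"docs.google.com", "google.com", "example-corp.com"}

URL_RE = re.compile(r"https?://[^\s\"'<>)]+")

# Constructed sample 1: a notification-style email whose comment carries an
# outside link. The display name is the only sender identity a reader sees.
SUSPICIOUS_EMAIL = """\
From: "Jane Doe (Google Docs)" <comments-noreply@docs.google.com>
To: target@example-corp.com
Subject: Jane Doe mentioned you in a comment
Content-Type: text/plain; charset="utf-8"

Jane Doe mentioned you in a comment on Q4 budget review
@target@example-corp.com please review the updated figures here:
https://invoice-update.example-attacker.net/login
Open the document: https://docs.google.com/document/d/PLACEHOLDER/edit
"""

# Constructed sample 2: the same kind of notification with only Google links,
# which the check should leave alone.
BENIGN_EMAIL = """\
From: "Colleague Name (Google Docs)" <comments-noreply@docs.google.com>
To: target@example-corp.com
Subject: Colleague Name mentioned you in a comment
Content-Type: text/plain; charset="utf-8"

@target@example-corp.com can you check paragraph 3?
Open the document: https://docs.google.com/document/d/PLACEHOLDER/edit
"""


def extract_links(body: str) -> list[str]:
    """Return every http(s) URL found in the message body."""
    return URL_RE.findall(body)


def domain_of(url: str) -> str:
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def is_allowed(host: str) -> bool:
    """True if host is an allow-listed domain or a subdomain of one.
    The leading dot stops 'evil-google.com' from matching 'google.com'."""
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


def analyze(raw_message: str) -> dict:
    """Parse one RFC 822 message and report whether it is a Google comment
    notification that links outside the allow list."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_header = msg["From"]
    sender = from_header.addresses[0] if from_header and from_header.addresses else None
    sender_addr = sender.addr_spec.lower() if sender else ""
    display_name = sender.display_name if sender else ""

    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part else ""

    is_notification = sender_addr == NOTIFICATION_SENDER
    external = sorted({u for u in extract_links(body) if not is_allowed(domain_of(u))})
    return {
        "is_comment_notification": is_notification,
        "display_name": display_name,   # all the recipient actually sees
        "external_links": external,
        "suspicious": is_notification and bool(external),
    }


if __name__ == "__main__":
    for label, raw in (("suspicious sample", SUSPICIOUS_EMAIL), ("benign sample", BENIGN_EMAIL)):
        print(label, analyze(raw))
```

The check deliberately keys on the comment body rather than the sender, because the sender is genuinely Google in both the benign and the malicious case. Run as a mail-gateway or mailbox-rule hook, a positive result can quarantine the message or at least rewrite the external link for a warning page, which is the automated form of the "check the link before clicking" advice above.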