While email remains the main initial vector for carrying out a phishing attack, cyber attackers are increasingly exploiting other tools for this purpose. Recently, hackers are taking advantage of the comments feature in Google Docs to provide phishing links.
Vulnerability reported but not fixed
In October 2021, malicious actors already abused the comment feature in Google Docs to spread spam. Hackers have also used comments from Google Sheets and Slides for this.
Cybersecurity researchers from Avanan have reported the facts to Google. However, no action has been taken to close or even mitigate this vulnerability. After two months, these researchers noticed more violations.
Hackers use this same feature to distribute phishing links. Thanks to this technology, files escape from malicious email detection systems. According to the researchers, this wave of attacks is mainly targeting Outlook users. The process that hackers use is surprisingly easy.
Mention the goal to target their inbox
Commenting feature in Google Docs has many advantages for hackers. When a user is mentioned in a comment, Google sends them an email notification directly. Thanks to the latter, hackers easily spread malicious links.
In addition, the sender’s email address is not displayed, which makes detection difficult, but not only. Knowing that only the sender’s name remains the only information displayed, allowing malicious actors to impersonate a legitimate person, company or organization.
Google’s notification emails contain the comment text in which hackers attach a link containing the payload. Finally, the spam detection systems here seem completely useless since the email comes from Google itself.
“Hardcore beer fanatic. Falls down a lot. Professional coffee fan. Music ninja.”