Attackers Abuse Google Docs for Phishing Attacks

Attackers are using a new technique to exploit Google Docs for phishing attacks, according to researchers at Avanan. The attackers take advantage of the fact that Google Docs automatically renders HTML code, so a Google Doc can act as a landing page to direct the user to the real phishing page. The researchers describe one example in which the Doc appeared to be a file share page.

“This Google Docs page may look familiar to those who share Google Docs outside of their organization,” Avanan says. “This, however, isn’t that page. It’s a custom HTML page made to look like that familiar Google Docs share page. The attacker wants the victim to ‘Click here to download the document’ and once the victim clicks on that link, they will be redirected to the actual malicious phishing website where their credentials will be stolen through another webpage made to look like the Google Login portal.”

The researchers describe another attack in which the Google Doc itself acted as a phishing page. This Doc appeared to be a DocuSign login page. The login form contained an embedded listener that would send the user’s password to the attacker.

The links are distributed via phishing emails. Since the emails only contain a link to a Google Doc and not a website, they’re more likely to evade detection by security filters. Avanan concludes that more attackers will likely adopt this technique in the future.

“Hackers are bypassing static link scanners by hosting their attacks in publicly known services,” the researchers write. “We have seen this in the past with small services like MailGun, FlipSnack, and Movable Ink but this is the first time we’re seeing it through a major service like Google Drive/Docs.”
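The filtering gap described above, as an added example that is not from Avanan or the original post: a mail-triage sketch that sends messages whose only links point to user-content hosting to content inspection instead of trusting the host's reputation. The host list, function names, and sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts this sketch treats as user-content hosting.
USER_CONTENT_HOSTS = {"docs.google.com", "drive.google.com"}

# Constructed sample message (not taken from the Avanan report).
SAMPLE_EML = """\
From: "File Share" <noreply@example.net>
Subject: A document was shared with you
Content-Type: text/html; charset="utf-8"

<html><body><p>A file was shared with you.</p>
<a href="https://docs.google.com/document/d/EXAMPLE_ID">Open document</a>
</body></html>
"""

class _HrefCollector(HTMLParser):
    """Collects the href value of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def extract_link_hosts(raw_message):
    """Return the lowercase hostname of each link in the HTML parts."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hosts = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector = _HrefCollector()
            collector.feed(part.get_content())
            hosts += [(urlsplit(h).hostname or "").lower()
                      for h in collector.hrefs]
    return hosts

def triage(raw_message):
    """Pick a scanning path; a reputable host alone is not a clean verdict."""
    hosts = extract_link_hosts(raw_message)
    if not hosts:
        return "no-links"
    if all(h in USER_CONTENT_HOSTS for h in hosts):
        return "inspect-hosted-content"  # fetch and analyze the document
    return "standard-url-scan"
```

A static scanner that checks only the link's domain would pass the sample message, while this triage marks it for inspection of the hosted document itself.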

Attackers are constantly evolving their tactics to slip past technical defenses. New-school security awareness training can help your employees thwart social engineering attacks.

Avanan has the story.
