Google Docs Comment Feature is the Key to a New Wave of Phishing Campaigns

Stu Sjouwerman | Jan 20, 2022

Hackers take advantage of legitimate comment functionality as a way to look legitimate, reach the Inbox, and avoid detection, despite using malicious links for phishing attacks.

Last month, security vendor Avanan observed a new wave of hackers using Google Docs’ comment feature as a means to target victims. In this attack, threat actors are sending malicious content via Google Docs using embedded links.

It’s quite brilliant, really. The attack is hosted on a Google domain (instant credibility), the victim is tagged using the @ sign and the user’s email address, the email is sent from Google (again, credibility), it looks like a business-related email (given the email is basically about the victim being tagged in a comment on a Google doc), the attacker’s email address is not shown (only a “name”, which can be used to impersonate someone the victim knows), and it appears security solutions aren’t flagging these messages as malicious.
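Because the notification is genuine Google mail, sender reputation and SPF/DKIM checks pass; the only attacker-controlled content is the comment body and the links it carries. The following is an added defender-side illustration, not code from the post or from Avanan: it parses a constructed sample notification and flags any link whose host is outside google.com. The sender address and message layout are assumptions made for the example.

```python
import re
from email import policy
from email.parser import BytesParser
from urllib.parse import urlparse

# Constructed sample modelled on a Google Docs comment notification.
# The sender address and layout are assumptions, not taken from the post;
# the external domain is a placeholder, not a real indicator.
SAMPLE_EMAIL = b"""From: "Alice (Google Docs)" <comments-noreply@docs.google.com>
To: victim@example.com
Subject: Q1 Budget - Alice mentioned you in a comment
Content-Type: text/html; charset=utf-8

<p>Alice mentioned you in a comment on <b>Q1 Budget</b>:</p>
<p>@victim@example.com please review the updated figures here:
<a href="https://invoice-portal.example.net/login">Open the shared document</a></p>
<p><a href="https://docs.google.com/document/d/ID_PLACEHOLDER/edit?disco=x">Open</a></p>
"""

GOOGLE_NOTIFIER = "comments-noreply@docs.google.com"   # assumed notifier address
TRUSTED_HOSTS = ("google.com",)                          # hosts not flagged

def is_trusted_host(host):
    """True for google.com and any of its subdomains (case-insensitive)."""
    host = host.lower()
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)

def external_links(raw):
    """Return link targets in a comment notification that point off Google.

    Only messages from the Google comment notifier are inspected; every href
    in the body is checked, since the comment text is attacker-controlled."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    if GOOGLE_NOTIFIER not in msg.get("From", ""):
        return []   # not a comment notification; out of scope for this check
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    hrefs = re.findall(r'href="([^"]+)"', text)
    return [u for u in hrefs if not is_trusted_host(urlparse(u).hostname or "")]

def verdict(raw):
    """Classify a raw message: ('suspicious', links) or ('clean', [])."""
    links = external_links(raw)
    return ("suspicious", links) if links else ("clean", [])

if __name__ == "__main__":
    print(verdict(SAMPLE_EMAIL))
```

A mail gateway rule built on the same idea would quarantine or rewrite such links rather than trusting the Google sender.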

Below is an example from Avanan (screenshot of the comment notification email, not reproduced here).

Source: Avanan

The bottom line for any of these new kinds of phishing attacks is to educate users that if an email is unexpected at all, it should be assumed to be malicious until proven otherwise. A good continual Security Awareness Training program will not only teach users this level of vigilance, but continually reinforce the need to have a constant state of scrutiny whenever an unsolicited email is received.
