Threat Actors Use Google Docs to Host Phishing Attacks
Exploit in the widely used document service leveraged to send malicious links that appear legitimate but actually steal victims credentials.
Threat actors are exploiting Google Docs by hosting their attacks within the web-based document service in a new phishing campaign that delivers malicious links aimed at stealing victims’ credentials.
Researchers at email and collaboration security firm Avanan discovered the campaign, which is the first time they said they’ve seen attackers use this type of exploit in Google’s hosted document service, according to a report published Thursday by Jeremy Fuchs, marketing content manager for Avanan.
By hosting attacks in this way, attackers can bypass link scanners and evade detection from common security protections that aim to verify that links sent via email are legitimate. Previously, attackers have used the attack vector in smaller services such as MailGun, FlipSnack, and Movable Ink, according to Avanan.
The attack begins with an email that includes a message that could be relevant to business users who commonly use Google Docs within their corporate environment. In the example shown in the report, the message claims the link contains a set of “new rules for June 25.”
/cdn.vox-cdn.com/uploads/chorus_asset/file/25416369/STK473_NET_NEUTRALITY_CVIRGINIA_A.jpg)
