Security News > 2021 > June > Threat Actors Use Google Docs to Host Phishing Attacks
Threat actors are exploiting Google Docs by hosting their attacks within the web-based document service in a new phishing campaign that delivers malicious links aimed at stealing victims' credentials.
The attack begins with an email that includes a message that could be relevant to business users who commonly use Google Docs within their corporate environment.
"It's a custom HTML page made to look like that familiar Google Docs share page."
If a user clicks, the page redirects to the actual malicious phishing website, which steals the victim's credentials using another web page made to look like the Google Login portal but which is actually hosted from a URL clearly not affiliated with the tech giant.
First an attacker would write a web page that resembles a Google Docs sharing page, and then upload that HTML file to Google Drive.
Once the file is scanned, Google renders the HTML into a preview page that looks very much like a typical Google Docs page.
News URL
https://threatpost.com/google-docs-host-attack/166998/
Related news
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them (source)