Security News > 2021 > June > Threat Actors Use Google Docs to Host Phishing Attacks

Threat actors are exploiting Google Docs by hosting their attacks within the web-based document service in a new phishing campaign that delivers malicious links aimed at stealing victims' credentials.
The attack begins with an email that includes a message that could be relevant to business users who commonly use Google Docs within their corporate environment.
"It's a custom HTML page made to look like that familiar Google Docs share page."
If a user clicks, the page redirects to the actual malicious phishing website, which steals the victim's credentials using another web page made to look like the Google Login portal but which is actually hosted from a URL clearly not affiliated with the tech giant.
First an attacker would write a web page that resembles a Google Docs sharing page, and then upload that HTML file to Google Drive.
Once the file is scanned, Google renders the HTML into a preview page that looks very much like a typical Google Docs page.
News URL
https://threatpost.com/google-docs-host-attack/166998/
Related news
- Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- Google Cloud KMS Adds Quantum-Safe Digital Signatures to Defend Against Future Threats (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Outsmarting Cyber Threats with Attack Graphs (source)
- Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos (source)