Security News > 2022 > January > Google Docs commenting feature exploited for spear-phishing

Google Docs commenting feature exploited for spear-phishing
2022-01-06 14:00

A new trend in phishing attacks emerged in December 2021, with threat actors abusing the commenting feature of Google Docs to send out emails that appear trustworthy.

Google Docs is used by many employees working or collaborating remotely, so most recipients of these emails are familiar with these notifications.

Since Google itself is being "Tricked" into sending out these emails, the chances of email security tools tagging them as potentially risky are practically zero.

The trick has actually been under limited exploitation since October last year, and while Google has attempted to mitigate the issue, they haven't fully closed the vulnerability yet.

The same technique works on Google Slide comments too, and Avanan reports having seen actors leveraging it on various elements of the Google Workspace service.

Deploy additional security measures that apply stricter file-sharing rules on Google Workspace.


News URL

https://www.bleepingcomputer.com/news/security/google-docs-commenting-feature-exploited-for-spear-phishing/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 141 994 4922 2872 1623 10411