Security News > 2022 > January > Hackers exploit Google Docs in new phishing campaign
Attackers are taking advantage of the comment feature in Google Docs to send people emails with malicious links, says Avanan.
A new report released Thursday by email security provider Avanan looks at a new phishing campaign that abuses a popular feature in Google Docs to deploy malicious emails.
First, the email itself comes from a legitimate Google service, so it's likely to evade detection and be trusted by users at first glance.
Second, the email includes just the attacker's display name and not their email address, which means anti-spam filters may fail to catch it.
Avanan said that it informed Google about this exploit on January 3 through the Report Phish Through Email button in Gmail.
If you're wary of a particular Google Docs comment email, contact the actual sender to see if they sent you the comment.
News URL
Related news
- Hackers exploit critical bug in Array Networks SSL VPN products (source)
- APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign (source)
- Hackers exploit ProjectSend flaw to backdoor exposed servers (source)
- Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities (source)
- Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor (source)
- Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)
- Hackers exploit DoS flaw to disable Palo Alto Networks firewalls (source)
- Hackers exploit Four-Faith router flaw to open reverse shells (source)
- New details reveal how hackers hijacked 35 Google Chrome extensions (source)