Security News > 2022 > January > Hackers exploit Google Docs in new phishing campaign

Attackers are taking advantage of the comment feature in Google Docs to send people emails with malicious links, says Avanan.
A new report released Thursday by email security provider Avanan looks at a new phishing campaign that abuses a popular feature in Google Docs to deploy malicious emails.
First, the email itself comes from a legitimate Google service, so it's likely to evade detection and be trusted by users at first glance.
Second, the email includes just the attacker's display name and not their email address, which means anti-spam filters may fail to catch it.
Avanan said that it informed Google about this exploit on January 3 through the Report Phish Through Email button in Gmail.
If you're wary of a particular Google Docs comment email, contact the actual sender to see if they sent you the comment.
News URL
Related news
- New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads (source)
- Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert! (source)
- Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images (source)
- Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp (source)
- North Korean Hackers Disguised as IT Workers Targeting UK, European Companies, Google Finds (source)
- Google’s Sec-Gemini v1 Takes on Hackers & Outperforms Rivals by 11% (source)
- Hackers exploit WordPress plugin auth bypass hours after disclosure (source)
- Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices (source)