Security News > 2022 > January > Hackers exploit Google Docs in new phishing campaign
Attackers are taking advantage of the comment feature in Google Docs to send people emails with malicious links, says Avanan.
A new report released Thursday by email security provider Avanan looks at a new phishing campaign that abuses a popular feature in Google Docs to deploy malicious emails.
First, the email itself comes from a legitimate Google service, so it's likely to evade detection and be trusted by users at first glance.
Second, the email includes just the attacker's display name and not their email address, which means anti-spam filters may fail to catch it.
Avanan said that it informed Google about this exploit on January 3 through the Report Phish Through Email button in Gmail.
If you're wary of a particular Google Docs comment email, contact the actual sender to see if they sent you the comment.
News URL
Related news
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Iranian hackers now exploit Windows flaw to elevate privileges (source)
- Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials (source)
- Hackers exploit Roundcube webmail flaw to steal email, credentials (source)
- Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)