In a new campaign discovered by security researchers, the Google Docs comment box is abused to send malicious links

The technological world gives us many security and safety benefits along with enhancing our capabilities to make us more productive. But the Hackers always seem to be curious to find any loophole in the new technology to take advantage of it for their malicious activities. And now they target Google Docs to send malicious links to the users. And the users who easily click on any link without knowing its consequences make the work of malicious parties easier.

A new report released by Avanan, an email security provider, describes that the new campaign exploits the Google Docs comments section for sending phishing links and malware. Because one of the favorite techniques of hackers is to abuse popular products for illegal activities, now, look at how the users get affected by these harmful activities. Google Docs has a feature of commenting from where the users can collaborate. So when a person wants to assign a task to someone, he must include the email address of the relevant person. In a phishing campaign, the hackers comment on the app in which they include their email address by putting the “@” sign to grab the targeted party. The whole comment contains a link with the email that becomes the cause of spreading malware infection. In recent December, it was reported that this harmful activity firstly affects the users of Microsoft Outlook. Still, it gradually covers other recipients connected with different email platforms after some time.

According to an estimation, the Third-party uses almost hundreds of Gmail accounts to target more than 500 chat boxes of various organizations. Unlike other phishing activities, the hackers send emails to grab users, this time; it is more because now, Google itself sends emails to the users. Although the electronic mail address of the attacker is not mentioned, only a name is shown, which is used to pretend another person comes for an entertainment purpose, but its actual aim is something different. Because of this, the spam filter is unable to detect. Hackers can also misuse the name of trustworthy fellow workers. That’s why the chances of fraud are more.

To stop being the victim of these attacks, users should be as focused as they are while checking their inboxes whether any malicious email comes; if they see any, they never go for it. The same thing users can apply here too while commenting on Google Docs. Moreover, antivirus software is also built to remove these kinds of malware.


Read next: Almost One-Third of Identity Theft Victims Get Targeted Again
Previous Post Next Post