This Google Docs URL Spoofing Flaw is Making Phishing More Common

A phishing attack can be devastating for the average consumer because it can result in them losing access to their various accounts. Some of these accounts might be bank accounts or tied to other financial services, so the frequency with which these attacks are occurring is a definite cause for alarm, and one that many would want to work towards reducing.

If you use a custom URL, also called a vanity URL, with Google Docs, Zoom or Box, you might be exposing your organization to many phishing attacks. These URLs can contain spoofing flaws that allow malicious actors to generate links that look extremely legitimate. Indeed, these links can sometimes look like they are hosted by the organization's servers.

For example, if you want to make a custom URL through Box, you would need to use a name.box.com URL. Malicious actors might use that, but the click-through rate is low if users are not familiar with the app that is in the URL. As per Varonis, threat actors can get around this by using the names of brands and organizations that have custom URLs of their own, since targets are more likely to interact with a link offered by an organization they can recognize through its distinctive vanity URL.

Shortened URLs were supposed to clear up which sites were safe and which were not, but they are becoming ever more difficult to manage. Malicious actors frequently up the ante when they face resistance, and by spoofing vanity URLs they are managing to keep their attacks consistent and devastating. Sending Google Docs with these vanity URLs further adds legitimacy, which increases the chances that a customer won’t just click on the link but will also fill out information in the given form.

