Malicious links are being sent to Outlook users in a recent phishing campaign.
The attacks, which were identified last month, have been difficult for victims and email scanners to identify. Researchers from Avanan discovered back in October that Google Docs, Sheets and Slides could be used to send spam emails; however, Google has so far made no statement and no mitigation attempt regarding the vulnerability.
Threat actors are adding “@(insert target user)” mentions to document comments, which automatically sends an email to that person’s inbox. The email, which comes from Google, contains text and malicious links.
Currently, more than 500 inboxes and 100 different Gmail accounts have been exploited. Attackers pose as a recognizable entity, and the worst part is that the sender’s email address isn’t shown in these spam emails. Whether the comment comes from a real address, such as “email@example.com,” or a fraudulent one, such as “firstname.lastname@example.org,” you’ll only see that “John Doe” mentioned you in a comment in the document. If that “John Doe” is your CEO or coworker, you likely won’t think much of it before clicking on the link.
These emails are able to bypass threat protection systems because the notification comes straight from Google, which is generally on allow lists as a trusted source. These types of attacks are likely to continue if left unchecked.
Make sure to double-check that the resulting emails are consistent with the email address in the comments. If you’re still unsure, you can always reach out to the legitimate sender and confirm that they meant to send the email.
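The same check can be applied at mail triage, since allow-listing the sender means these notifications are not otherwise inspected. The following Python is an added example, not code from Avanan or Google; the notification sender address, the directory entry and the sample message are assumptions or constructed values.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: address Docs comment notifications arrive from; confirm in your own mail logs.
NOTIFY_SENDER = "comments-noreply@docs.google.com"
# Hypothetical directory mapping display names to known-good addresses.
DIRECTORY = {"john doe": "email@example.com"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+")
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def is_google_host(host):
    host = (host or "").lower()
    return host == "google.com" or host.endswith(".google.com")

def text_of(msg):
    """Join every text part so links in HTML alternatives are inspected too."""
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    return "\n".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace") for p in parts)

def triage(raw):
    """Return findings for a Docs comment notification, or None for other mail."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    if addr.lower() != NOTIFY_SENDER:
        return None
    body = text_of(msg)
    commenter = re.sub(r"\s*\(.*?\)\s*$", "", display).strip().lower()
    seen = {a.lower() for a in ADDR_RE.findall(body)}
    known = DIRECTORY.get(commenter)
    return {
        "commenter": commenter,
        # Links that leave Google's domains are what the comment is delivering.
        "external_links": [u for u in URL_RE.findall(body)
                           if not is_google_host(urlparse(u).hostname)],
        # A familiar name whose known address is absent from the notification is unverified.
        "unverified_known_name": known is not None and known not in seen,
    }

# Constructed sample notification (not a captured message).
SAMPLE = """\
From: "John Doe (Google Docs)" <comments-noreply@docs.google.com>
Subject: John Doe mentioned you in a comment

John Doe mentioned you in a comment in the following document
https://docs.google.com/document/d/CONSTRUCTED_ID/edit
@victim@example.com please review: http://payments.example.net/invoice
"""
```

A message that returns external links together with `unverified_known_name` set is a candidate for quarantine or for confirmation with the named person before anyone clicks.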