Google Docs – simple spreadsheet as well as a word processor in the web browser. Practical, free of charge and also therefore interesting for criminals. In fact, Google’s environment is currently being used for phishing attacks. Particular emphasis is placed on the comment function. Text lines can be marked and provided with a note, for example.
As soon as a comment is set in the document, a corresponding notification e-mail goes out. The email then shows the document, the comment and the broken link.
Google Docs as a springboard for phishing campaigns
Anyone who places an “@” sign followed by the user name or e-mail in a text or table can write a comment. This content is sent from a Google domain to the corresponding one. This step is the critical one – because Google’s reputation and trust is used to motivate a click on the part of the victim.
Free account, anonymous login, email service by Google
In the phishing attack with the help of Google Docs, a lot of things come together that are interesting for criminals:
- Accounts can be registered anonymously
- Reputation through the provider is available
- The provider sends e-mails in its own name
Thus, an attacker can now go therefore, open a document and now write a comment. The placed link leads the victim to the desired page of the criminal. Using the names of friends or acquaintances can increase the likelihood of a click. At this point, an OSINT search is usually used.
The fatal thing is that the victim himself does not need to access the Google Doc document. Since the comment incl. link is included in the email from Google, all you need to do is click on the link from within the email. Therefore, checking the document is also omitted – it is simply not necessary to call it.
At this point, it should be mentioned that this procedure is also possible in Google Slides and Google Presentations. The bottom line, however, is that the spreadsheet and text program is the more frequently used software.