Google Docs comment function is used for phishing attacks

M.Sc. Chris Wojzechowski (IT-Risk Manager, IT-Grundschutz Practitioner (TÜV)

Google Docs comment function is used for phishing attacks

Google Docs – simple spreadsheet as well as a word processor in the web browser. Practical, free of charge and also therefore interesting for criminals. In fact, Google’s environment is currently being used for phishing attacks. Particular emphasis is placed on the comment function. Text lines can be marked and provided with a note, for example.

As soon as a comment is set in the document, a corresponding notification e-mail goes out. The email then shows the document, the comment and the broken link.

Google Docs as a springboard for phishing campaigns

Anyone who places an “@” sign followed by the user name or e-mail in a text or table can write a comment. This content is sent from a Google domain to the corresponding one. This step is the critical one – because Google’s reputation and trust is used to motivate a click on the part of the victim.

Blacklisting a Google domain or IP addresses brings spam protection, but it can bring other unpopular features. After all, Google has long been more than just a search engine.

Free account, anonymous login, email service by Google

In the phishing attack with the help of Google Docs, a lot of things come together that are interesting for criminals:

  • Accounts can be registered anonymously
  • Reputation through the provider is available
  • The provider sends e-mails in its own name

Thus, an attacker can now go therefore, open a document and now write a comment. The placed link leads the victim to the desired page of the criminal. Using the names of friends or acquaintances can increase the likelihood of a click. At this point, an OSINT search is usually used.

The fatal thing is that the victim himself does not need to access the Google Doc document. Since the comment incl. link is included in the email from Google, all you need to do is click on the link from within the email. Therefore, checking the document is also omitted – it is simply not necessary to call it.

At this point, it should be mentioned that this procedure is also possible in Google Slides and Google Presentations. The bottom line, however, is that the spreadsheet and text program is the more frequently used software.

Photo of author

M.Sc. Chris Wojzechowski (IT-Risk Manager, IT-Grundschutz Practitioner (TÜV)

My name is Chris Wojzechowski and I am one of two managing directors of AWARE7 GmbH. Our butter & bread business is performing penetration tests. We are also committed to a broad understanding of IT security in Europe and for this reason we offer the majority of our products free of charge.