Google Docs comment function is used for phishing attacks

M.Sc. Chris Wojzechowski

Google Docs comment function is used for phishing attacks

Google Docs – simple spreadsheet as well as a word processor in the web browser. Practical, free of charge and also therefore interesting for criminals. In fact, Google’s environment is currently being used for phishing attacks. Particular emphasis is placed on the comment function. Text lines can be marked and provided with a note, for example.

As soon as a comment is set in the document, a corresponding notification e-mail goes out. The email then shows the document, the comment and the broken link.

Google Docs as a springboard for phishing campaigns

Anyone who places an “@” sign followed by the user name or e-mail in a text or table can write a comment. This content is sent from a Google domain to the corresponding one. This step is the critical one – because Google’s reputation and trust is used to motivate a click on the part of the victim.

Blacklisting a Google domain or IP addresses brings spam protection, but it can bring other unpopular features. After all, Google has long been more than just a search engine.

Free account, anonymous login, email service by Google

In the phishing attack with the help of Google Docs, a lot of things come together that are interesting for criminals:

  • Accounts can be registered anonymously
  • Reputation through the provider is available
  • The provider sends e-mails in its own name

Thus, an attacker can now go therefore, open a document and now write a comment. The placed link leads the victim to the desired page of the criminal. Using the names of friends or acquaintances can increase the likelihood of a click. At this point, an OSINT search is usually used.

The fatal thing is that the victim himself does not need to access the Google Doc document. Since the comment incl. link is included in the email from Google, all you need to do is click on the link from within the email. Therefore, checking the document is also omitted – it is simply not necessary to call it.

At this point, it should be mentioned that this procedure is also possible in Google Slides and Google Presentations. The bottom line, however, is that the spreadsheet and text program is the more frequently used software.

Photo of author

M.Sc. Chris Wojzechowski

My name is Chris Wojzechowski and I studied my Master in Internet Security in Gelsenkirchen a few years ago. I am one of two managing directors of AWARE7 GmbH and a trained IT Risk Manager, IT-Grundschutz practitioner (TÜV) and possess the test procedure competence for § 8a BSIG. Our bread and butter business is performing penetration testing. We are also committed to promoting a broad understanding of IT security in Europe, which is why we offer the majority of our products free of charge.