2021 / Awareness / Google / Phishing

Google Docs comment function is used for phishing attacks

Google Docs comment function is used for phishing attacks

Google Docs – simple spreadsheet as well as a word processor in the web browser. Practical, free of charge and also therefore interesting for criminals. In fact, Google’s environment is currently being used for phishing attacks. Particular emphasis is placed on the comment function. Text lines can be marked and provided with a note, for example.

As soon as a comment is set in the document, a corresponding notification e-mail goes out. The email then shows the document, the comment and the broken link.

Google Docs as a springboard for phishing campaigns

Anyone who places an “@” sign followed by the user name or e-mail in a text or table can write a comment. This content is sent from a Google domain to the corresponding one. This step is the critical one – because Google’s reputation and trust is used to motivate a click on the part of the victim.

Blacklisting a Google domain or IP addresses brings spam protection, but it can bring other unpopular features. After all, Google has long been more than just a search engine.

Free account, anonymous login, email service by Google

In the phishing attack with the help of Google Docs, a lot of things come together that are interesting for criminals:

  • Accounts can be registered anonymously
  • Reputation through the provider is available
  • The provider sends e-mails in its own name

Thus, an attacker can now go therefore, open a document and now write a comment. The placed link leads the victim to the desired page of the criminal. Using the names of friends or acquaintances can increase the likelihood of a click. At this point, an OSINT search is usually used.

The fatal thing is that the victim himself does not need to access the Google Doc document. Since the comment incl. link is included in the email from Google, all you need to do is click on the link from within the email. Therefore, checking the document is also omitted – it is simply not necessary to call it.

At this point, it should be mentioned that this procedure is also possible in Google Slides and Google Presentations. The bottom line, however, is that the spreadsheet and text program is the more frequently used software.

Photo of author

Chris Wojzechowski

Mein Name ist Chris Wojzechowski und ich habe vor wenigen Jahren meinen Master in Internet-Sicherheit in Gelsenkirchen studiert. Ich bin geschäftsführender Gesellschafter der AWARE7 GmbH und ausgebildeter IT-Risk Manager, IT-Grundschutz Praktiker (TÜV) und besitze die Prüfverfahrenskompetenz für § 8a BSIG. Unser Brot und Buttergeschäft ist die Durchführung von Penetrationstests. Wir setzen uns darüber hinaus für ein breites Verständnis für IT-Sicherheit in Europa ein und bieten aus diesem Grund den Großteil unserer Produkte kostenfrei an.