About us

Certifications

Memberships

Commitment

Industries

PRESS

Career

Contact us

2021 / Awareness / Google / Phishing

Google Docs comment function is used for phishing attacks

Google Docs comment function is used for phishing attacks

Google Docs – simple spreadsheet as well as a word processor in the web browser. Practical, free of charge and also therefore interesting for criminals. In fact, Google’s environment is currently being used for phishing attacks. Particular emphasis is placed on the comment function. Text lines can be marked and provided with a note, for example.

As soon as a comment is set in the document, a corresponding notification e-mail goes out. The email then shows the document, the comment and the broken link.

Google Docs as a springboard for phishing campaigns

Anyone who places an “@” sign followed by the user name or e-mail in a text or table can write a comment. This content is sent from a Google domain to the corresponding one. This step is the critical one – because Google’s reputation and trust is used to motivate a click on the part of the victim.

Blacklisting a Google domain or IP addresses brings spam protection, but it can bring other unpopular features. After all, Google has long been more than just a search engine.

Free account, anonymous login, email service by Google

In the phishing attack with the help of Google Docs, a lot of things come together that are interesting for criminals:

  • Accounts can be registered anonymously
  • Reputation through the provider is available
  • The provider sends e-mails in its own name

Thus, an attacker can now go therefore, open a document and now write a comment. The placed link leads the victim to the desired page of the criminal. Using the names of friends or acquaintances can increase the likelihood of a click. At this point, an OSINT search is usually used.

The fatal thing is that the victim himself does not need to access the Google Doc document. Since the comment incl. link is included in the email from Google, all you need to do is click on the link from within the email. Therefore, checking the document is also omitted – it is simply not necessary to call it.

At this point, it should be mentioned that this procedure is also possible in Google Slides and Google Presentations. The bottom line, however, is that the spreadsheet and text program is the more frequently used software.

Photo of author

Chris Wojzechowski

Mein Name ist Chris Wojzechowski und ich habe vor wenigen Jahren meinen Master in Internet-Sicherheit in Gelsenkirchen studiert. Ich bin geschäftsführender Gesellschafter der AWARE7 GmbH und ausgebildeter IT-Risk Manager, IT-Grundschutz Praktiker (TÜV) und besitze die Prüfverfahrenskompetenz für § 8a BSIG. Unser Brot und Buttergeschäft ist die Durchführung von Penetrationstests. Wir setzen uns darüber hinaus für ein breites Verständnis für IT-Sicherheit in Europa ein und bieten aus diesem Grund den Großteil unserer Produkte kostenfrei an.

AWARE7 GmbH

Munscheidstr. 14
45886 Gelsenkirchen

Tel. +49 (0) 209 - 8830 6760
Fax. +49 (0) 209 - 8830 6769
Mail info@aware7.de

Opening hours
Monday - Friday
8:00 - 17:00

COMPANY

About us

Certifications

Memberships

Commitment

Code of Conduct

Career

Contact us

AWARENESS

Live Hacking Show

Managed Phishing Simulation

RESOURCES

IT-Security Blog

Media package

Success Stories

OFFENSIVE SERVICES

Penetration test

Vulnerability scan

IT security emergency

360° SME analysis

CONTACT

Contact form

Call for proposal (CfP)

CONSULTING

ISMS consulting

External information security officer

Imprint Privacy policy
Directions

All prices incl. VAT.