"Attackers Find New Way to Exploit Google Docs for Phishing"

Researchers at the email and collaboration security firm Avanan have discovered a new method that attackers are using to trick victims into visiting malicious phishing websites via Google Docs. The attack begins with the threat actor sending an email, based on a likely topic of interest or relevance, to potential victims. The email comes with a link that directs the user to a Google Docs page with what seems to be a downloadable document. Although the page appears to be a typical Google Docs page for sharing documents outside the organization, it is actually a custom web page designed to look like a legitimate Google Docs page. The link to download the document redirects the user to a malicious phishing website that mimics the Google Docs sign-in page. This phishing website steals usernames and passwords entered by the victims. According to Gil Friedrich, CEO and Co-Founder of Avanan, this is the first time his company has seen Google Docs being used to render an entirely attacker-created web page. The Google Docs hack is one of the latest examples of the abuse of trusted cloud services such as Google Docs, AWS, and Microsoft Azure to host and distribute malicious content. New research from Proofpoint showed that growth in the adoption of cloud collaboration tools and services is accompanied by the increase in the abuse of such services. For example, in 2020, thousands of Proofpoint customers were targeted with around 60 million malicious messages via Microsoft Office 365 and 90 million messages sent or hosted on Google Cloud. This article continues to discuss the new way in which attackers are exploiting Google Docs for phishing and the increased abuse of trusted cloud services to send and host malicious content. 

Dark Reading reports "Attackers Find New Way to Exploit Google Docs for Phishing"