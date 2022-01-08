



Hackers are targeting Google Docs users with attacks that send malicious links via the comment feature.

A new report by email security company Avanan outlines how cybercriminals are misusing Google Docs.

In December 2021, Avanan noticed a “new massive wave” of hackers, primarily targeting Outlook users, using the comments feature.

Cybercriminals use the comment feature of Google Docs to force users to click on malicious links.

When another user comments on the document in Google’s free word processor, an email is sent to the user.

In an attack, scammers target users by tagging them with Google Doc comments and adding malicious links to the comments.

Victims receive an email alert about comments that display only their name. The scam is “ripe” to the spoof because the email address is not displayed.

When clicked, the link will prompt you for malware infection.

Avanan said this email attack is useful for two basic reasons.

First, use legitimate Google email notifications that your users trust.

Second, the email uses the display name created by the hacker, not the email address. This is difficult for anti-spam filters to determine.

This means that the criminal can trust the comments in Google Docs by impersonating someone you know.

Moreover, it is a shortcut to reach potential victims. Tag someone in the comment and an email notification will be sent to the victim’s inbox.

Avanan said he warned Google of the problem on January 3rd.

How to protect yourself from fraud

Avanan shared some tips for Google Docs users in the report.

Before clicking the comment link in Google Docs, cross-reference the email addresses in the comment to make sure they are legitimate. Use “standard cyber hygiene” such as link scrutiny and grammar inspection. If you’re not sure, contact the actual sender to make sure you intended to send the document. Take advantage of protection that protects your entire suite, including file-sharing and collaboration apps.

