The Comments feature in Google's word processing application lets hackers trick users through phishing operations.
Here is one of the novelties that appeared at the end of 2021: the use of the Google Docs comment function to carry out phishing operations. A published report describes this practice, which slips quietly through the mesh of Google's safety nets. Concretely, the hacker creates a Google account and generates a document. In the comments, he mentions his target by tagging them with an @. Google is then fooled and sends a notification email to the target's inbox. The victim is informed that another user has commented on a document and mentioned them. Being gullible, the person then clicks on the comment link. This leads them into the phishing trap: entering credentials on a fake web page, or downloading a .. The company of
A new phenomenon
If it works, it is because the real email address of the comment's author does not appear: the recipient sees only a name, which makes it easy to impersonate one of the target's contacts. It should also be noted that the same process is used with the other tools from Google. Avanan has detected this kind of method via Google Slides and other Google applications. Also according to the company, the perpetrators of the attack seem to favor Outlook users. It also detected more than 100 Google accounts being exploited by hackers. For the moment, this emerging phenomenon has generated around 500 notification messages in the mailboxes of around thirty organizations. This is only the beginning, but the innocuous appearance of the message means targets tend to fall into the trap quite easily.
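Because the notification really is sent by Google and shows only a name, a mail filter has to look at the comment text itself. The following triage sketch is an added example, not code from Avanan or Google; the sample message, the sender address, the list of Google host suffixes and the function names are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Assumption: suffixes treated as Google-owned for this triage; tune locally.
GOOGLE_SUFFIXES = ("google.com", "gstatic.com", "googleusercontent.com")
URL_RE = re.compile(r"https?://[^\s\"'<>)]+")

# Constructed sample of a comment notification (not a captured message).
SAMPLE = '''From: "Jane Doe (Google Docs)" <comments-noreply@docs.google.com>
To: victim@example.org
Subject: Invoice - @victim@example.org
Content-Type: text/plain; charset="utf-8"

Jane Doe mentioned you in a comment.
@victim@example.org please review: http://login.example.net/verify
Open: https://docs.google.com/document/d/EXAMPLE/edit
'''

def is_google_host(host):
    """True only for an exact suffix or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in GOOGLE_SUFFIXES)

def triage_comment_notification(raw, known_contacts):
    """Return findings for a mail that Google itself delivered."""
    msg = email.message_from_string(raw, policy=policy.default)
    if msg["From"] is None or not msg["From"].addresses:
        return []
    sender = msg["From"].addresses[0]
    if not is_google_host(sender.domain):
        return []  # not a Google notification; handled by other rules
    findings = []
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    # The comment text is attacker-controlled: flag links leaving Google.
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname
        if not is_google_host(host):
            findings.append(("external_link", host))
    # Only a name is shown, so a match with a known contact proves nothing.
    shown = sender.display_name.split("(")[0].strip().lower()
    if shown in {c.lower() for c in known_contacts}:
        findings.append(("name_matches_contact", shown))
    return findings

if __name__ == "__main__":
    print(triage_comment_notification(SAMPLE, ["Jane Doe"]))
```

A `name_matches_contact` finding is a prompt to verify the commenter through another channel, not proof of impersonation.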