phishing google docs

Google Docs: Phishing tool in spite of itself?

With its easy handling, Google Docs has become one of the most used collaborative tools in the world. According to the latest estimates established in 2018, this word processing utility has no less than a billion users. According to the latest discovery from the Avanan company, these are many people who could be victims of phishing. Below are the explanations.

Is phishing using Google Docs possible?

As one of the leaders in the digital market, the Alphabet group has made cybersecurity its strength. Google, one of its subsidiaries, is therefore well armed to prevent its services from being hijacked by cybercriminals. But this is not without counting on the ingenuity of hackers. According to Avanan, a company that specializes in securing cloud services, hackers can set up a pretty elaborate phish using Google Docs.

To do this, the malicious person will simply have to open a Google account to produce a Google Doc document. He will simply have to cite his target in the comments using an at sign. Google will then send a notification email to the inbox of the principal concerned. The latter will then believe that one of his collaborators mentioned it in a shared document. If he is not careful, he will click on the link in the comments. Which will land him on a disguised page. The victim can thus enter their credentials, provide sensitive information such as banking details or download malware.

A serious threat

This scenario can appear shaky in many aspects. However, for a person working within any organization, Google Docs is a relatively common tool. Avanan even took his research a little further. Apparently, the hacker’s email does not appear. However, he can enter the name of his choice. This leaves him with the possibility of usurping the identity of a person attached to the target company.

A lire également  Edward Snowden is categorical that the Health Data Hub puts our personal data at risk

Furthermore, you should know that this practice does not only concern Google Docs. You can also implement such a stratagem using Google Slide. So far Avanan maintains that this type of new type of attack mainly targets Outlook users. The company also identified more than a hundred Google accounts used by cybercriminals for phishing purposes.

At this time, it is impossible for us to indicate the extent of this problem. However, Avanan reports that to date 500 phishing attempts using this method have been detected within around thirty structures that rent its services. This phenomenon is expected to become more widespread over time, although to date it only concerns companies established on the other side of the Atlantic.