Google users are being warned of a new tactic cyber criminals are using to steal personal information, including passwords. The attack is most likely to hit people who rely on Google Docs: fraudulent emails carrying links to what look like shared documents are sent out to trick unsuspecting users into handing over their credentials.
The threat, which could cause serious damage for anyone who uses a Google email address to reset passwords for other online accounts such as Amazon, PayPal or online banking, was identified by Avanan's research team. The attack is simple, but highly effective.
It starts with an email landing in your inbox with a link to a Google Doc. Clicking it opens a Word document inside a genuine-looking Google Docs window. The document then prompts you to download the file for offline viewing, and that download link takes you to what appears to be a Google Account sign-in page.
Of course, Google Docs never requires users to download a file before they can view it, and you would not normally be asked to sign in again if you had been using Gmail moments earlier when you clicked the link. The sign-in page is a fraudulent login screen designed to get people to enter their email address and password, sending those details straight to the attackers.
Avanan says the attackers bypass static link scanners by hosting their attack on publicly known, reputable services, so the first link in the email points to a domain the scanner already trusts. The team says it has seen this before with smaller services such as MailGun, FlipSnack and Movable Ink, but this is the first time it has seen the technique used through a service as large as Google Drive and Docs.
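The reason a static link scanner misses this campaign is that it judges only the link in the email, which really does point at docs.google.com; the credential theft happens one hop later. The following Python script is an added illustration, not Avanan's tooling or Google's, and all hosts, document IDs and link chains in it are constructed for the example. It contrasts the weak first-hop allow-list check with a check over the whole click chain (email link, then the document's outbound "download" link), and also covers the hostname tricks a scanner should not fall for, such as a trusted name used as a subdomain or in the userinfo part of a URL.

```python
"""Added example: why allow-listing the first link is not enough.

A static scanner that trusts docs.google.com lets the email link through.
Following the chain to the document's outbound link and asking where that
lands (and whether it looks like a credential prompt) catches the campaign
described in the article.  All hosts and IDs below are constructed.
"""
from typing import Dict, List
from urllib.parse import urlparse

# Hosts a static scanner typically trusts; the campaign abuses exactly this.
TRUSTED_DOC_HOSTS = {"docs.google.com", "drive.google.com"}
# Where a genuine Google sign-in prompt lives.
GOOGLE_LOGIN_HOSTS = {"accounts.google.com"}
# Path/query fragments that suggest a credential prompt on the final page.
LOGIN_HINTS = ("signin", "sign-in", "login", "logon", "account", "verify", "auth")


def hostname(url: str) -> str:
    """Lower-cased hostname, immune to userinfo tricks such as
    https://accounts.google.com@evil.test/ (the real host is evil.test)."""
    return (urlparse(url).hostname or "").lower()


def static_scanner_allows(first_link: str) -> bool:
    """The weak check: inspect only the link in the email, trust known hosts."""
    return hostname(first_link) in TRUSTED_DOC_HOSTS


def looks_like_login(url: str) -> bool:
    """Crude heuristic: does the path or query hint at a sign-in page?"""
    parsed = urlparse(url)
    target = (parsed.path + "?" + parsed.query).lower()
    return any(hint in target for hint in LOGIN_HINTS)


def assess_chain(chain: List[str]) -> Dict[str, str]:
    """Evaluate the whole click chain: email link -> document -> outbound link.

    Returns a verdict of 'allow', 'review' or 'block' with a reason.
    """
    if not chain:
        return {"verdict": "allow", "reason": "no links"}
    first = hostname(chain[0])
    if first not in TRUSTED_DOC_HOSTS:
        # Exact host match only: docs.google.com.evil.test is not trusted.
        return {"verdict": "review", "reason": f"first hop {first!r} is not a known document host"}
    for hop in chain[1:]:
        host = hostname(hop)
        if host in TRUSTED_DOC_HOSTS or host in GOOGLE_LOGIN_HOSTS:
            continue  # staying on Google is fine, including a real sign-in
        if looks_like_login(hop):
            return {
                "verdict": "block",
                "reason": f"document on {first} links out to a login-looking page on {host!r}",
            }
        return {"verdict": "review", "reason": f"document on {first} links out to {host!r}"}
    return {"verdict": "allow", "reason": "chain stays on Google hosts"}


# Constructed sample chains (not real campaign URLs).
SAMPLE_CHAINS = {
    "benign_doc": ["https://docs.google.com/document/d/EXAMPLE_ID/edit"],
    "phish_download": [
        "https://docs.google.com/document/d/EXAMPLE_ID/edit",
        "https://drive-docs-download.example.test/Google/signin?continue=doc",
    ],
    "userinfo_trick": [
        "https://docs.google.com/document/d/EXAMPLE_ID/edit",
        "https://accounts.google.com@example.test/ServiceLogin",
    ],
    "subdomain_trick": ["https://docs.google.com.example.test/document/d/EXAMPLE_ID/edit"],
    "real_google_login": [
        "https://docs.google.com/document/d/EXAMPLE_ID/edit",
        "https://accounts.google.com/signin/v2/identifier",
    ],
}


if __name__ == "__main__":
    for name, chain in SAMPLE_CHAINS.items():
        static = "pass" if static_scanner_allows(chain[0]) else "flag"
        result = assess_chain(chain)
        print(f"{name:18s} static-scanner={static:4s} chain={result['verdict']:6s} {result['reason']}")
```

The static check passes the phishing chain because its first hop is genuinely on docs.google.com; the chain check blocks it because the document sends the user off to a non-Google host with a sign-in-looking path. In practice the second hop comes from fetching the shared document and extracting its links, which this example takes as given input.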
Avanan’s analysts also found the same attack vector used in a forged DocuSign phishing email. If you are unsure where an email came from, experts advise against clicking its links or downloading its documents, as they could contain malware.
It is worth changing the password on your Google account, especially if you think you clicked one of these fake Google Doc links and entered your details on the sign-in page that followed.
Commenting on the attack, Hank Schless, Senior Manager Security Solutions at Lookout, said: “This incident shows how easy it is to create a compelling phishing site. You don’t need to be a skilled software engineer to do this. Combining this tactic with social engineering could create a very compelling campaign where the attacker can pull personal or corporate credentials through.
“Threat actors know that stealing legitimate credentials is the best way to discreetly break into a company’s infrastructure. Since most companies use either Google Workspace or Microsoft 365 as their main productivity platform, attackers create phishing campaigns that target these services with these credentials and can log into the cloud platform on which they build their campaign. There is no limit to the data they can exfiltrate.”
This is not the first time scammers have used Google Docs to steal data. In 2017, Google warned users of a dangerous phishing attack that gave hackers access to the entire contents of victims’ Google accounts, including email, contacts and online documents.