Google Docs phishing scams are on the rise - here's what you need to know

News
By published

Google Docs scam will fool most threat detection tools

laptop with google suite icons displayed
(Image credit: Shutterstock)

Cybersecurity software company Check Point has identified a worrying new Google Docs phishing scam that is bypassing usual detection measures to get straight into victims’ inboxes.

The researchers refer to the phishing scam as an evolution of BEC (business email compromise) 3.0, or one that maliciously uses legitimate sites to get access to a target’s mailbox.

With so many companies now favoring Google Workspace’s office software, the scam’s potential for reaching workers in especially troubling.

Google Drive phishing scam

Analysts say that all a threat actor needs to do is create a Google Doc. Inside the file, they can place any sort of attack they desire, including phishing links and URLs that redirect to malware

Read more

> These are the best firewall choices to stay safe

> Watch out - that urgent PayPal email could be a phishing scam

> Watch out - that unexpected Microsoft alert could well be a phishing attack

From there, the Doc just needs to be shared with a victim via the typical Google Drive sharing process. Because the email then arrives via a genuine Google email address and domain, and not one that belongs to the scammer, victims are less likely to identify it as an attack.

Furthermore, detection and prevention tools are also more likely to trust emails from genuine services like Google.

Check Point says that this type of BEC attack uses a form of social engineering, leveraging a trusted service provider (in this case, Google) and a trusted process (document sharing).

Google was reportedly informed about the discovery earlier in July, which it says is not a novel attack method, and as such, it already has strong protections to combat these types of tactics. A company spokesperson told TechRadar Pro:

"We have numerous layers of protections that protect our users from this class of attack, such as built-in warnings in Docs, and automatic scans in Drive that block the vast majority of phishing attempts."

In the meantime, CheckPoint advises security professionals to implement new and advanced measures that use artificial intelligence to spot multiple phishing indicators. File scanning software is also a good idea, as is URL protection.

TOPICS
Craig Hale
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

Read more
Fraude en ligne phishing
Google forced to step up phishing defenses following ‘most sophisticated attack’ it has ever seen
Hacker Typing
This devious two-step phishing campaign uses Microsoft tools to bypass email security
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Everything you need to know about phishing
Paper craft illustration of a suspicious email that contains a snake
How to spot a phishing email
Fraude en ligne phishing
Phishing clicks nearly tripled in 2024 as criminals aim for smarter attacks
An iPhone sitting on a wooden table
Millions at risk as malicious PDF files designed to steal your data are flooding SMS inboxes - how to stay safe
Latest in Pro
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
AI quantization
What is AI quantization?
US flags
US government IT contracts set to be centralized in new Trump order
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Google Gemini AI
Gmail is adding a new Gemini AI tool to help smarten up your work emails
Latest in News
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space
More about pro
Dell Pro Max with GB300

HP and Dell's latest Nvidia powered PCs are likely to be some of the most expensive workstations ever launched
AI quantization

What is AI quantization?
SDUNITED AX835-025FF mini PC

This mini PC with the incredible Strix Halo APU is yet another sign AMD may have given up on big brands for bleeding edge tech
See more latest
Most Popular
SDUNITED AX835-025FF mini PC
This mini PC with the incredible Strix Halo APU is yet another sign AMD may have given up on big brands for bleeding edge tech
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
Dell Pro Max with GB300
HP and Dell's latest Nvidia powered PCs are likely to be some of the most expensive workstations ever launched
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser