Attackers using Google Docs Comment field for Phishing Attacks
Date of Notice: 1/7/2022
Action Level - Informational
Description
Attackers are once again using the Google Docs comment function to send phishing emails and malicious links to users. This attack vector is appealing because the attacker can create a Gmail account and set their name to whatever they desire, permitting targeted attacks. Further, the email will come from comments-noreply[@]docs[.]google[.]com, which prevents educated users from verifying that the email came from a trusted sender.
Take this time to remind users to avoid clicking links or opening attachments in emails unless they are from a trusted and verified sender. Users can verify a sender by calling them or sending a text or IM. If a user can’t determine the origin of an email, or the email contains something related to a task they aren’t involved in or otherwise shouldn’t have permission to access, they should default to reporting it as spam.
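Because the sender address is the same for every comment notification, mail triage has to look at the links in the message instead. The following is an added example, not part of the original notice: it lists links in such a notification that do not point to a Google host. The expected-domain list, the function names and the sample messages are assumptions constructed for illustration and do not reproduce the real notification layout.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

COMMENT_SENDER = "comments-noreply@docs.google.com"  # sender named in the notice
EXPECTED_DOMAINS = ("google.com",)  # assumption: hosts a genuine notification links to
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

def on_expected_domain(host):
    # Exact match or true subdomain; "docs.google.com.login.example" must not pass.
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)

def external_links(raw_message):
    """Off-Google URLs in a Docs comment notification; None if not from that sender."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    if addr.lower() != COMMENT_SENDER:
        return None
    flagged = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        data = part.get_payload(decode=True) or b""
        text = data.decode(part.get_content_charset() or "utf-8", errors="replace")
        for url in URL_RE.findall(text):
            url = url.rstrip(".,;")  # drop sentence punctuation caught by the regex
            host = (urlsplit(url).hostname or "").lower()
            if not on_expected_domain(host) and url not in flagged:
                flagged.append(url)
    return flagged

def make_message(sender, body):
    # Constructed sample input, not a captured notification.
    return f"From: {sender}\nTo: user@corp.example\nSubject: New comment\n\n{body}\n"

DOCS_FROM = '"Payroll Team (Google Docs)" <comments-noreply@docs.google.com>'
SUSPICIOUS = make_message(DOCS_FROM,
    "Payroll Team mentioned you: confirm at http://docs.google.com.login.example/verify.\n"
    "Open: https://docs.google.com/document/d/CONSTRUCTED/edit")
CLEAN = make_message(DOCS_FROM,
    "A colleague replied. Open: https://docs.google.com/document/d/CONSTRUCTED/edit")
UNRELATED = make_message("newsletter@vendor.example", "See http://vendor.example/news")

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("clean", CLEAN), ("unrelated", UNRELATED)):
        print(name, external_links(raw))
```

An empty result only means no off-Google link was found; a link on a Google host can still lead to attacker-controlled content, so the verification steps above still apply.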