Hackers found a way to spread phishing links on behalf of Google through comments on Google Docs

According to Bleeping Computer, information security experts at Avanan have been recording large-scale use of a new trick by cybercriminals since December last year. The attackers found a way to deliver phishing links through comments on Google Docs. The user receives an email notification containing a malicious link, sent on behalf of Google. Because this mail comes from a trusted sender, anti-virus mail scanners and corporate security systems let it through.

The new phishing attack turned out to be very simple. The attackers use a database of Google account names that is available to them. Working from different accounts, they create documents in the Google Docs service. In each document they add comments that mention various users through the special markup "@_account_name_in_Google". A phishing link or other information is also inserted into these comments.

Avanan recorded such mailings from more than 100 Google accounts created by cybercriminals. Their comments with phishing links were sent to more than 500 inboxes belonging to 30 companies. According to information security specialists, this trick also works in Google Slides and other parts of the Google Workspace service.

After such a document is created, Google sends an email in its own name to the user mentioned in the comment, including the attackers' full text with the phishing link. Google is the sender of this email, not the cybercriminals. Some users do not perceive such messages as a threat and follow the links in the email.

Image: an example of such a mailing from the Google Slides service, which corporate protection missed.

Google is aware of this problem. The company is developing a way to close this vulnerability. In October, after Avanan reported the vulnerability, Google tried to restrict the sending of links in comments, but was unable to close off the possibility completely.

Avanan explained that it considers this phishing scheme dangerous and warns users and system administrators to check not only the email sender's address, but also the content of the message. It advises never following the links inside such emails from Google. Avanan expects that Google will soon close off the abuse of the commenting system in Google Docs services.
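A mail-triage check along the lines of Avanan's advice to inspect the content and not just the sender, as an added example that is not from the article, Avanan or Google. It assumes the notification sender address `comments-noreply@docs.google.com`, a short list of Google-owned domains, and that links may be wrapped in a `google.com/url?q=` redirect; the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse, parse_qs

# Assumption: address Google uses for Docs/Slides comment notifications.
COMMENT_SENDERS = {"comments-noreply@docs.google.com"}
# Assumption: domains treated as Google-owned for this check.
GOOGLE_SUFFIXES = ("google.com", "gstatic.com", "googleusercontent.com")
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)

def is_google_host(host):
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in GOOGLE_SUFFIXES)

def unwrap(url):  # assumption: links may be wrapped as google.com/url?q=<target>
    p = urlparse(url)
    if is_google_host(p.hostname) and p.path == "/url":
        target = parse_qs(p.query).get("q", [""])[0]
        if target.lower().startswith(("http://", "https://")):
            return target
    return url

def body_text(msg):
    chunks = []
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_email):
    msg = message_from_string(raw_email)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender not in COMMENT_SENDERS:
        return None  # not a comment notification; out of scope for this check
    targets = {unwrap(u) for u in URL_RE.findall(body_text(msg))}
    return sorted(t for t in targets if not is_google_host(urlparse(t).hostname))

# Constructed sample message (not taken from the Avanan report).
SAMPLE = """From: "Example User (Google Slides)" <comments-noreply@docs.google.com>
To: victim@corp.example
Content-Type: text/plain; charset="utf-8"

@victim@corp.example please review: http://login.example.test/verify
Open: https://docs.google.com/presentation/d/PLACEHOLDER/edit
Wrapped: https://www.google.com/url?q=https://pay.example.test/a&sa=D
"""
```

`triage(SAMPLE)` returns the two non-Google targets, which a mail gateway or SOC playbook could hold for review even though the message itself was genuinely sent by Google.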
