Sophisticated Google Docs Phishing Scam Explained

Google Docs is a very popular alternative to Microsoft’s word processing application Word. Not only is it free (a user simply needs a Gmail account to get started), but it also offers more collaboration options for colleagues to combine efforts when working on the same document. As opposed to the application-based setup used for Word, Google Docs is accessible by users through their internet browser or a smartphone app. Unfortunately, the involvement of the Internet in the Google-based typing program has made it an attractive delivery method for cyber criminals to perpetrate their attacks. 

A More Complex Phishing Scam 

A new phishing scam involves malicious actors creating a Google Doc, in which they place a cyber attack. Many attackers are opting to include fictitious links that direct a user who is duped by the fake document to malware. When the infected Doc is shared with other users, it sends them a legitimate email from Google stating that the user has a new document that has been shared with them. This email is what makes the Google Doc phishing scam so much more complex than the run of the mill phishing scam. Usually, a phishing scam is in the form of an email or even a text and involves the recipient being sent something from an unrecognized email address or number – which the cybercriminal will usually try to make look similar to a legitimate email address (e.x. “customersupport@wallmart.org” for a phisher trying to present themselves as a Walmart customer service representative) or even masking their number with a fake one to make it appear as though they are calling from a certain business. With this particular scam, the initial communication sent to the victim is from a legitimate source - Google. This also makes the scam undetectable for cyber security prevention tools to discover the attack, making it especially tricky to deal with.

Protecting Your Team

This phishing scam is particularly worrying as many businesses have adopted the Google Workspace for use across their work teams. This poses a direct threat to businesses using this service for their collaboration. 

Educate employees on basic phishing scam signs such as poor grammar, unknown senders, or an urgent tone to the message. For the Google Docs phishing scam specifically, be sure that your employees pay close attention to the information in the initial email from Google stating that something was shared with them. If they were not expecting any communication, tell them to disregard the email. If they are unsure if the file is legitimate or not, have them go to their Google Drive under the Shared With Me folder and the name of the individual who shared it with them will be listed next to the file. If this is an unknown person, they should not click on the file. For an added layer of security, have employees contact the sender of a shared Doc by some other means of communication - face-to-face, over the phone, or via text or email - to confirm that that individual did in fact share something with them. Though it may take up a little more time to take these steps upon receipt of a new file, it will add a significant amount of protection to your enterprise. 

Image by rawpixel.com for Freepik.

‍