Google Docs phishing scams are on the rise - here’s what you need to know

Google Docs scam will fool most threat detection tools

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybersecurity software company Check Point has identified a worrying newGoogle Docsphishing scam that is bypassing usual detection measures to get straight into victims’ inboxes.

The researchers refer to thephishingscam as an evolution of BEC (business email compromise) 3.0, or one that maliciously uses legitimate sites to get access to a target’s mailbox.

With so many companies now favoringGoogleWorkspace’soffice software, the scam’s potential for reaching workers in especially troubling.

Google Drive phishing scam

Analysts say that all a threat actor needs to do is create a Google Doc. Inside the file, they can place any sort of attack they desire, including phishing links and URLs that redirect tomalware.

These are the best firewall choices to stay safe>Watch out - that urgent PayPal email could be a phishing scam>Watch out - that unexpected Microsoft alert could well be a phishing attack

From there, the Doc just needs to be shared with a victim via the typical Google Drive sharing process. Because the email then arrives via a genuine Google email address and domain, and not one that belongs to the scammer, victims are less likely to identify it as an attack.

Furthermore, detection and prevention tools are also more likely to trust emails from genuine services like Google.

Check Point says that this type of BEC attack uses a form of social engineering, leveraging a trusted service provider (in this case, Google) and a trusted process (document sharing).

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Google was reportedly informed about the discovery earlier in July, which it says is not a novel attack method, and as such, it already has strong protections to combat these types of tactics. A company spokesperson toldTechRadar Pro:

“We have numerous layers of protections that protect our users from this class of attack, such as built-in warnings in Docs, and automatic scans in Drive that block the vast majority of phishing attempts.”

In the meantime, CheckPoint advises security professionals to implement new and advanced measures that use artificial intelligence to spot multiple phishing indicators. File scanning software is also a good idea, as is URL protection.

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

LG Electronics sets ambitious B2B revenue goal to offset declining consumer demand

New fanless cooling technology enhances energy efficiency for AI workloads by achieving a 90% reduction in cooling power consumption

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics