Disclaimer: We may earn a commission if you make any purchase by clicking our links. Please see our detailed guide here.

Follow us on:

Google News

Hackers Exploiting Google Docs, Outlook Users at Most Risk

Rahul Bhagat
Rahul Bhagat
Rahul Bhagat is a Digital Marketer and strategist with more than 7 years of experience in Marketing, SEO, Analytics, Marketing Automation and more.

Join the Opinion Leaders Network

Join the Techgenyz Opinion Leaders Network today and become part of a vibrant community of change-makers. Together, we can create a brighter future by shaping opinions, driving conversations, and transforming ideas into reality.

Hackers are sending malicious links through comments in Google apps like Docs and Slides primarily to Outlook users — a known vulnerability that has not been fully closed or mitigated by Google since last year, cyber-security researchers have warned.

According to US-based enterprise cybersecurity company Avanan, hackers are increasingly using Google Docs’ productivity features to slip malicious links past spam filters and cyber security tools.

In June last year, Avanan reported on an exploit in Google Docs that allowed hackers to deliver malicious phishing websites to end-users easily. Now, hackers have found a new way to do the same thing.

“Starting in December 2021, Avanan observed a new, massive wave of hackers leveraging the comment feature in Google Docs, targeting primarily Outlook users,” said researcher Jeremy Fuchs.

The comment feature across the Google suite has become an attack vector for hackers, he claimed in a report.

Avanan said it notified Google of this flaw on January 3, via the report phish through the email button within Gmail.

Google was yet to react to the report.

In one such attack, hackers add a comment to a Google Doc. The comment mentions the target with an ‘@’. Doing so automatically sends an email to that person’s inbox.

In that email, which comes from Google, the full comment, including the bad links and text, is included. Further, the email address isn’t shown, just the attackers’ name, making this ripe for impersonators, – the report that came out on Thursday.

“In this email attack, hackers found a way to leverage Google Docs, and other Google collaboration tools, to send malicious links. We primarily saw it target Outlook users, though not exclusively. It hit over 500 inboxes across 30 tenants, with hackers using over 100 different Gmail accounts,” it elaborated.

To guard against these attacks, before clicking on Google Docs comments, users should cross-reference the email address in the comment to ensure it’s legitimate.

“Utilise standard cyber hygiene, including scrutinising links and inspecting grammar and deploy protection that secures the entire suite, including file-sharing and collaboration apps,” said the researchers.


Partner With Us

Digital advertising offers a way for your business to reach out and make much-needed connections with your audience in a meaningful way. Advertising on Techgenyz will help you build brand awareness, increase website traffic, generate qualified leads, and grow your business.

Power Your Business

Solutions you need to super charge your business and drive growth

More from this topic