The attackers begin by creating a seemingly innocuous Google Doc, which acts as a host for their malicious payload. Within the document, they can embed dangerous phishing links and URLs that ultimately lead to malware-infested websites.
Once the trap is set, the scammer shares the infected document with the victim through the typical Google Drive sharing process.
This phishing scam is particularly deceptive because the email appears to originate from a genuine Google email address and domain, not from the attacker.
Detection and prevention tools are more likely to trust emails from known services like Google. Essentially, the attackers exploit the trust users have in the Google brand and the confidence in the document-sharing process.
Google’s Response
Check Point informed Google about their findings earlier this month. Google has not disclosed its response or shared additional information about measures to protect users from evolving attacks.
Security professionals are advised to adopt advanced cybersecurity measures. Artificial intelligence can also be pivotal in spotting multiple phishing indicators and identifying suspicious behavior.
