Attackers using Google Docs Comment field for Phishing Attacks
Date of Notice: 1/7/2022
Action Level - Informational
Attackers are once again using the Google Docs comment function to send phishing emails and malicious links to users. This attack vector is appealing because the attacker can create a Gmail account and set their name to whatever they desire, permitting targeted attacks. Further, the email will come from
comments-noreply[@]docs[.]google[.]com, preventing educated users from verifying the email came from a trusted sender.
Take this time to remind users to avoid clicking links or opening attachments in emails unless they are from a trusted and verified sender. Users can verify a sender by calling them or sending a text or IM. If a user can’t determine the origination of an email, or the email contains something related to a task they aren’t involved in or otherwise shouldn’t have permission to access, they should default to reporting it as spam.