Cybersecurity software company Check Point has identified a worrying new Google Docs phishing scam that is bypassing usual detection measures to get straight into victims’ inboxes.
The researchers describe the phishing scam as an evolution of BEC (business email compromise) 3.0, a class of attack that maliciously uses legitimate sites to get access to a target’s mailbox.
Google Drive phishing scam
Analysts say that all a threat actor needs to do is create a Google Doc. Inside the file, they can place any sort of attack they desire, including phishing links and URLs that redirect to malware.
From there, the Doc just needs to be shared with a victim via the typical Google Drive sharing process. Because the email then arrives via a genuine Google email address and domain, and not one that belongs to the scammer, victims are less likely to identify it as an attack.
Furthermore, detection and prevention tools are also more likely to trust emails from genuine services like Google.
Check Point says that this type of BEC attack uses a form of social engineering, leveraging a trusted service provider (in this case, Google) and a trusted process (document sharing).
Google was reportedly informed about the discovery earlier in July, but the company did not immediately respond to our request to share more information about how it is protecting users against evolving attacks such as this one.
In the meantime, Check Point advises security professionals to implement new and advanced measures that use artificial intelligence to spot multiple phishing indicators. File scanning software is also a good idea, as is URL protection.
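The sketch below is an added example, not code from Check Point or Google. It shows why a filter that trusts mail by sender domain delivers these share notifications unscanned, next to a rule that also looks at who shared the file. The sample messages, the `share-notification@google.com` address, the use of `Reply-To` for the sharer and the collaborator list are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: service domains a mail filter allowlists by sender.
TRUSTED_SERVICE_DOMAINS = {"google.com"}
# Assumption: hypothetical set of people the recipient already works with.
KNOWN_COLLABORATORS = {"alice@partner.example"}

# Constructed sample notifications (not real Google headers).
# Assumption: the person who shared the file appears in Reply-To.
SAMPLE_KNOWN = (
    "From: Alice via Google Docs <share-notification@google.com>\n"
    "Reply-To: alice@partner.example\n"
    "Subject: Document shared with you\n\n"
    "Constructed body: link to the shared document.\n"
)
SAMPLE_UNKNOWN = (
    "From: Billing Team via Google Docs <share-notification@google.com>\n"
    "Reply-To: billing-team@unknown.example\n"
    "Subject: Document shared with you\n\n"
    "Constructed body: link to the shared document.\n"
)


def _address(header_value):
    """Return the lower-cased address from a header, or '' if absent."""
    return parseaddr(header_value or "")[1].lower()


def sender_only_verdict(raw):
    """Weak rule: trust anything whose From domain is an allowlisted service."""
    msg = message_from_string(raw)
    domain = _address(msg["From"]).rpartition("@")[2]
    return "deliver" if domain in TRUSTED_SERVICE_DOMAINS else "scan"


def sharer_aware_verdict(raw):
    """Stricter rule: a genuine service sender is not enough on its own.

    The notification skips file and URL scanning only when the person who
    shared the document is already a known collaborator.
    """
    if sender_only_verdict(raw) == "scan":
        return "scan"
    sharer = _address(message_from_string(raw)["Reply-To"])
    return "deliver" if sharer in KNOWN_COLLABORATORS else "scan"
```

Here "scan" stands for handing the message to the file scanning and URL protection that Check Point recommends, rather than blocking it outright.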