/cdn.vox-cdn.com/uploads/chorus_asset/file/24016885/STK093_Google_04.jpg)
/cdn.vox-cdn.com/uploads/chorus_asset/file/24808816/Starfield__The_Settled_Systems___Supra_Et_Ultra_____Starfield__The_Settled_Systems___Supra_Et_Ultra_2023_7_25_94252.263_1440p_streamshot.png)
Cyber security software company Check Point has identified a worrying new Google Docs phishing scam that is bypassing common detection measures to reach victims’ inboxes directly.
Researchers refer to phishing scams as an evolution of BEC (Business Email Compromise) 3.0, or malicious use of legitimate sites to gain access to a target’s mailbox.
Lots of companies favoring Google Workspace now office softwareThe prospect of this scam reaching workers is particularly troubling.
google drive phishing scam
Analysts say all a threat actor has to do is create a Google document. Inside the file, they can launch any type of attack they want, including phishing links and URLs that redirect to malware.
From there, the document needs to be shared with the victim through the normal Google Drive sharing process. Since the email then comes through the actual Google email address and domain and not the scammer’s, it is less likely to be recognized by victims as an attack.
Furthermore, detection and prevention tools are also more likely to rely on emails from genuine services such as Google.
Check Point says that this type of BEC attack uses a form of social engineering, taking advantage of a trusted service provider (in this case, Google) and a trusted process (document sharing).
Google was reportedly notified of the discovery as early as July, but the company did not immediately respond to our request to share more details about how it is protecting users from such increasing attacks.
In the meantime, Checkpoint advises security professionals to implement new and advanced measures that use artificial intelligence to recognize multiple phishing indicators. File scanning software like URL Security is also a good idea.
