Google Docs Found a Cunning Phishing Scam

Check Point software company revealed phishing scam inGoogle Docs”, which bypasses normal security measures and goes straight to the mailboxes of victims.

Researchers believe that this is a new type of Business Email Compromise (BEC), or an attack using compromise of business correspondence. Only now she uses official sites to gain access to other people's information.

The new scam works simply: an attacker creates a document and places any virus available to him in it, including phishing links and URLs that redirect to malware. Then shares the file via "Google Drive”, and the victim (from the database with account names accessible to the hacker) receives a notification with a malicious link on behalf of Google.

Since the email comes through a genuine Google address and domain, and not the one that belongs to the scammer, it is almost impossible to identify it as an attack, the researchers note. Additionally, antivirus email scanners are also more likely to trust emails from official services (Google in this case).

The corporation has not yet responded to this vulnerability. To avoid becoming a victim of such a phishing attack, experts recommend not clicking on links inside such emails from Google and using programs to scan files.