Hackers exploiting Google Docs, Outlook users face risk

New Delhi: Cyber security researchers have warned that hackers are sending malicious links through comments in Google apps such as Docs and Slides primarily to Outlook users.

US-based enterprise cybersecurity company Avanan says hackers are using Google Docs' productivity features to slip malicious links past spam filters and cyber security tools.

In June last year, Avanan reported on an exploit in Google Docs that allowed hackers to easily deliver malicious phishing websites to end-users. Now, hackers have found a new way to do the same thing.

"Starting in December 2021, Avanan observed a new, massive wave of hackers leveraging the comment feature in Google Docs, targeting primarily Outlook users," said researcher Jeremy Fuchs. The comment feature across the Google suite has become an attack vector for hackers, he claimed in a report. Avanan notified Google of this flaw on January 3.

Also read | Amid Covid surge, Jaipur Literature Festival postponed

In one such attack, hackers add a comment to a Google Doc. The comment mentions the target with an '@'. By doing so, an email is automatically sent to that person's inbox. "In that email, which comes from Google, the full comment, including the bad links and text, is included. Further, the email address isn't shown, just the attackers' name, making this ripe for impersonators," said the report that came out on Thursday.

To guard against these attacks, before clicking on Google Docs comments, users should cross-reference the email address in the comment to ensure it's legitimate.

Also read | Timeline of PM Narendra Modi's 'security lapse'; read details

-PTC News