Does your organization use Google Docs to accomplish work? Do you frequently send and receive documents to and from people outside of your organization? If you answered âyes,â then you might be at risk for another new phishing scam that exploits another familiar tool that your team is accustomed to working with every single day.
Recently, cybercriminals have been producing malicious phishing websites that look identical to the Google login page that weâre all very familiar with and hiding them behind false, yet convincing, invitation emails and landing pages.
Hereâs how it works.
First, a person might receive an email from what they believe to be a trusted source directing them to a Google Docs link that looks like the ones youâve received countless times before.
After clicking the link, they are directed to a custom HTML page that looks like another familiar Google Docs share page. That page will lead the person to âClick here to download the documentâ to which they think they are receiving access.
Once that second link is clicked, they will be directed to a login page that has been made to look like the Google login portal. However, itâs here that they will find the actual malicious site where their credentials are to be compromised.
Get a more in-depth look at these types of attacks and how they are created here: Attackers Take Advantage of New Google Docs Exploit
This is another prime example of how phishing targets users by exploiting their trust in a source that would otherwise be trustworthy. Attacks like these prove all tools (even the ones that you think are the most secure) can be made a target and that we should always assume cybercriminals can compromise anything in the absence of our constant vigilance.
Do you want to make your teamâs vigilant ability to recognize bad content razor-sharp? Add awareness training to your cybersecurity mix, and youâve got a team that canât be fooled, no matter how convincing the phishing attacks that they encounter might be.