Are you a user of Google Documents aka Google Docs? Then you might have become a victim to a spear-phishing scam that steals people’s login credentials.
As per a research carried out by New York based email security company Avanan, hackers are pasting fraudulent comments in documents and luring the victim to click on a link that asks for their username and password. They then use the credentials to break into the Google account to steal vital information.
The most concerning fact about the issue is that it has already targeted over 500 inboxes so far and the count is still on…. as most of the services offered by Alphabet Inc’s subsidiary can be accessed using a single login username and password.
Initially, the attack was purported towards Microsoft 365 users and later the hackers leveraged the same on publicly available Google Docs or Google Drive databases- especially those drives that help keeping a daily count of Corona Virus Omicron cases in various hospitals and clinics operating in whole of United States.
Avanan argues the tactics used to trick users are classy as the victim receives the full comment filled with bad links and malicious texts albeit the senders email address that remains concealed- making it hard for the spam filters to judge and extremely difficult for the victim to identify the threat in advance.
The only way to avoid falling prey to such attacks is by double checking whether the email sender is in actual a known person and by avoiding clicking on email links sent by unknown senders and deploying email security measures to avoid troubles.