Threat actors are abusing multiple Google products to scam victims and potentially take over their accounts. Fraudsters have been exploiting Google Docs to spread malware and harvest credentials. Since December 2021, security researchers at Avanan have observed a massive campaign in which threat actors exploit the comments feature in Google Docs to target victims. The attacks have mostly been observed targeting Outlook users. The attack begins with fraudsters creating a legitimate Google document and adding comments that tag the intended target’s email address. The victim’s inbox then receives a genuine email from Google inviting them to click and view the comment. This technique challenges traditional email defenses for two reasons. First, the email comes directly from Google and is less likely to be blocked by anti-spam filters. Second, the threat actor’s actual email address is not displayed, so all users see is a name they presumably trust. Users can protect themselves by not clicking on suspicious links and by verifying email requests through a secondary channel of communication. Read more at TripWire.
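Because the sender checks pass for these notifications, a mail filter has to look at the comment text instead. The following triage sketch is an added example, not code from Avanan or the article; the notification sender domain, the trusted-host suffix list and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions for this example (not from the article): the notification
# sender domain and the link hosts treated as trusted.
NOTIFY_DOMAIN = "docs.google.com"
TRUSTED_SUFFIXES = ("google.com",)
URL_RE = re.compile(r"https?://[^\s\"'<>)]+")

def host_trusted(host):
    # Match the exact domain or a true subdomain, so lookalikes such as
    # "google.com.example.net" are not treated as trusted.
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def body_text(msg):
    # Collect every text part; the comment text is embedded in the body.
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_message):
    msg = message_from_string(raw_message)
    shown_name, address = parseaddr(msg.get("From", ""))
    is_notification = address.lower().endswith("@" + NOTIFY_DOMAIN)
    hosts = [urlparse(u).hostname for u in URL_RE.findall(body_text(msg))]
    untrusted = list(dict.fromkeys(h for h in hosts if h and not host_trusted(h)))
    return {
        "comment_notification": is_notification,
        "shown_name": shown_name,  # a name only; the commenter's address is absent
        "untrusted_hosts": untrusted,
        "review": is_notification and bool(untrusted),
    }

# Constructed sample messages (not real captures).
HEADERS = ('From: "Alex Example" <comments-noreply@docs.google.com>\n'
           "To: user@example.org\n"
           "Subject: Alex Example mentioned you in a comment\n"
           "Content-Type: text/plain; charset=utf-8\n\n")
DOC_LINK = "Open: https://docs.google.com/document/d/PLACEHOLDER/edit\n"
SUSPICIOUS = HEADERS + "Please confirm: https://login.example.net/verify\n" + DOC_LINK
BENIGN = HEADERS + DOC_LINK

if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, triage(sample))
```

Messages marked for review are candidates for quarantine or a warning banner rather than automatic deletion, since legitimate comments can also link to external sites.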
Last week, the FBI warned that scammers were targeting Google Voice accounts. The scammers are contacting individuals who posted their phone number, typically on an online marketplace. The scammer asks to send the victim an authentication code and then asks the victim to repeat the code to them. According to the FBI, “What he is really doing is setting up a Google Voice account in your name using your real phone number as verification. Once set up, he can use that Google Voice account to conduct any number of scams against other victims that won’t come back directly to him. He can also use that code to gain access to, and take over, your Gmail account.” Read more at Bleeping Computer.