From previous reports, threat actors were seen exploiting the Google Docs email alerts feature to spread phishing scams against users. This issue has made Google release an important fix to help users identify an email phishing attempt leveraged through Google Docs notifications.
Google Workspace’s Docs app has long presented its alerts feature wherein users can mention other users by tagging them on comments using the ‘@’ key, sending the alert on the recipient’s Gmail inbox. However, hackers have found a way to exploit this feature by attaching malicious links to the comments sent to the recipients.
This attack method has worked, especially since the alerts sent to the victims’ inboxes do not show the sender’s email address. Since the email alert does not show the sender’s real email address, the receiver could easily mistake it as an alert from someone they know, such as their work colleagues.
Furthermore, the email alerts will display the full context of the comment, including the attached malicious links that can harm the recipient.
To resolve this issue regarding phishing scams, Google has released a fix wherein the email address of users who mention people via Google Workspace apps will now be displayed on the email alerts.
Google stated that the update would help users identify all Google Workspace apps alerts if they came from a trusted sender or phishing scam attempts from malicious threat actors. The update applies to Workspace clients with the legacy G Suite Basic and Business plans and users with personal Google accounts.
Aside from Gmail users, Google highlighted that the update would also help Microsoft’s Outlook users since studies found that most phishing scams attacks were targeted towards Outlook.
Additionally, the update highlights Google’s action against information leaking within organizations. Workspace admins can now review and monitor Drive audit logs in and out of their companies, including all contents created from Docs, Sheets, and Slides apps.
All activities happening in an organization that fully utilises Google Workspace can be strictly monitored by admins since these activities will be posted and reported in the Drive audit logs.
