A phishing scam called the “Google Docs worm” spread across the internet a few years ago. It used purpose-built web applications to mimic the real Google Docs system and then requested access to sensitive information, such as emails and contact lists, held in Gmail user accounts. The access requests appeared to come from contacts the victim personally knew. Before Google contained it, the worm had already affected millions of user accounts. Some researchers also report that even though Google has managed to mitigate the problem, that does not mean other new viral Google Docs scams will not emerge.
Additionally, according to recent research, attackers have found potential workarounds that bypass the enhanced Workspace security protections. Some studies have also concluded that attacks against Google Docs and Google Workspace are not theoretical: many different scams have been found using the same general approach of abusing authentic Google Workspace features to create phishing links and to make fake landing pages look like real ones.
In response to the risks facing the company, including the incident from 2017, Google has implemented stricter security restrictions on specific apps that integrate with Google Workspace.
Nevertheless, security researchers have found a loophole in these enhanced restrictions. Small applications can still run without any notification if a user receives an attachment from somebody inside a Google Workspace organization. Because no warnings or alerts are shown, the user is left to fully trust their colleague, which opens the door to phishing attacks.
Researchers also discovered other variations and workarounds that sidestep the Google Workspace restrictions, including one in which the application confuses a Google Workspace developer with a document owner. From there, if an attacker gains access to any internal document, they have an opportunity to create an Apps Script that gives them rights and privileges that appear to have been granted by an internal user.
In light of all this, researchers strongly advise Google Workspace users to be wary of any documents or emails they receive and to check with the sender if they are unsure why they received an unexpected document or attachment.