How Google Docs Is Used For Scams |
Google Docs is one of the most important applications and tools that Google needs to make available. In addition to Microsoft Office packages, the company offers applications for creating and editing slide files and tables.
A scam called "Google Docs Worm" has spread. Hackers, relying on certain apps and tools, and relying on the service use them to deceive users.
These attacks are becoming more effective because they come from people the users do not suspect. These are usually friends or family members. Due to infection by this attack, the user account automatically shares amalgam files with others. The attack allowed the informant to link the victim's Google account to a custom application he developed that would allow him to access the account's data and files.
When these attacks first appeared in 2017, they successfully targeted more than 1 million Google accounts before the company took control. But the same attacks reappear, and Google's solution to containing them for the first time does not seem sufficient this time.
Phishing attacks through Google Docs
Security expert Matthew Bryant stated that the attacks were successful because they tried to convince users that they were offering new features and functionality that Google had already made available to users.
According to a recent study, hackers have succeeded in creating fake Google-like pages and documents to announce new updates or new features more than once.
Hackers take advantage of the simple and intuitive design of Google Workspace with more than 2.6 billion users and free Google services (such as Docs, Google Drive storage, etc.).
Bryant believes that the best way to solve all of these problems is to redesign parts of Google's services. But it is not easy. As mentioned earlier, the first Google Docs worm relied on accessing user information by associating the user's account with external services and applications.
However, Google later made it difficult to assign an account to a service. In order to limit the initiation of this attack, Google forced the developers of these secondary applications to accept a full review of the company for more than 100 users.
In general, Google allows the development of tools and add-ons for Google Docs and most of its other services in order to increase the functionality and functionality of its services according to the needs of users (especially professionals).
Kobe discovered another vulnerability that hackers could exploit, which is replacing the word "edit" with the word "copy" at the end of every Google Docs link. In this case, after opening the link, the recipient will have to make a copy of the file.
If the file is checked out and the recipient trusts the sender, they will most likely make the copy without any problems. Therefore, it becomes the owner of the new file that is still merging. Then the document is sent to others in the same way.
Of course, Google will fix these issues soon. However, we recommend opening documents shared with you only if necessary. You can also temporarily share the document as a regular Word file.