Attackers are abusing the comment feature in Google Docs to spread malicious emails.
The comment feature helps people collaborate on the same documents. Attackers add a comment to a Google document and then mention the target by typing the @ icon followed by an email address.
The full comment contains a malicious link that can cause a malicious infection once activated.
The phishing attack was discovered by Avanan in December 2021 and targeted more than 500 mailboxes in 30 different organizations.
The attackers used more than 100 Gmail accounts to carry out their nefarious activities. Microsoft Outlook users and recipients of other email platforms have been on the receiving end of the attack.
To protect users from this phishing campaign, Avanan gave them tips to follow, including cross-referencing email addresses before clicking on them, checking links and looking for grammatical errors.
Others involve contacting the actual sender for confirmation and ensuring that users and their organizations have strong security protections.
For more information, read the original story in TechRepublic.