Check Point, a leading cybersecurity software company, has recently flagged a concerning new phishing scam targeting Google Docs users. The scam is particularly worrisome as it manages to bypass conventional detection measures, gaining access to victims’ inboxes.
Referred to as an evolution of Business Email Compromise (BEC) 3.0, this malicious scheme exploits legitimate websites to gain unauthorized access to a target’s mailbox. As an increasing number of companies adopt Google Workspace’s office software, the potential reach of this phishing scam becomes especially troubling.
The mechanics of the attack are relatively straightforward. The threat actor creates a Google Doc and embeds various types of attacks within it, including phishing links and URLs that lead to malware. The document is then shared with the victim using the standard Google Drive sharing process. Since the email appears to be from a genuine Google email address and domain, victims are less likely to recognize it as an attack.
Another challenge is that detection and prevention tools are more inclined to trust emails from reputable services like Google, adding an additional layer of complexity to identifying and blocking such attacks.
Check Point’s analysis reveals that this type of BEC attack relies on social engineering techniques, leveraging the trust associated with a well-known service provider (in this case, Google) and a familiar process like document sharing.
In July, Check Point informed Google about the discovery. However, Google has yet to provide additional information on how it plans to protect its users against this evolving threat.
In response to this emerging phishing scam, Check Point advises security professionals to deploy new and advanced measures that utilize artificial intelligence to identify multiple phishing indicators. Additionally, implementing file scanning software and URL protection can bolster defenses against such attacks.
