Using Google Docs Comments to Post Phishing Links

Intelligence Background

Phishing attacks that abuse trusted cloud services such as Google Drive are on the rise. This attack method exploits the trust victims place in these services and bypasses domain-based security policies.


Recently, Avanan discovered a new email phishing method: attackers use the comment function of Google Docs to deliver phishing links. This article analyzes how the attackers use the comment function of Google Docs to deliver phishing links in this attack.

| Organization name | Unknown |
|---|---|
| Organization ID | Unknown |
| Affiliated organization | Unknown |
| Related tools | None |
| Tactic tags | Initial Access |
| Technique tags | Phishing, email gateway bypass |
| Intelligence source | https://www.avanan.com/blog/google-docs-comment-exploit-allows-for-distribution-of-phishing-and-malware |

## 01 Attack Technology Analysis

**Highlight: Using Google's official mail to deliver phishing links**

As shown in the figure below, the attacker first creates a Google document using their own Google account, then writes the comment text to send and adds it as a document comment that mentions the victim with the "@" symbol followed by the victim's mailbox.

Google then sends an official notification email to the target's inbox. As shown in the figure below, the sender address of the notification email is Google's official mailbox, which means that most mailboxes will not mark it as a malicious email.

When the victim opens the email from the inbox, the notification shows only the name and the enticing comment text constructed by the attacker, so the victim cannot tell where the email really came from.


This technique of posting phishing links also works with Google Slides and Google Workspace services. The picture below shows phishing links being posted through the comment function of Google Slides.
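Because the sender-domain check passes for these notifications, the useful signal for a mail filter is where the links inside the comment text lead. The following is an added example, not code from the original article or from Avanan: it assumes the notification sender is `comments-noreply@docs.google.com`, uses a hypothetical allow-list of Google host suffixes, and assumes wrapped links take the form `google.com/url?q=...`; the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import parse_qs, urlparse

# Assumptions (not from the page): the notification sender address and the
# host suffixes treated as Google-owned. Adjust both for your environment.
COMMENT_SENDER = "comments-noreply@docs.google.com"
GOOGLE_SUFFIXES = ("google.com", "gstatic.com", "googleusercontent.com")
URL_RE = re.compile(r'https?://[^\s<>"]+', re.IGNORECASE)

def is_google_host(host):
    """Exact or dot-bounded suffix match, so 'notgoogle.com' does not pass."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in GOOGLE_SUFFIXES)

def final_target(url):
    """Unwrap an assumed google.com/url?q=... redirect to judge the real target."""
    parts = urlparse(url)
    if is_google_host(parts.hostname) and parts.path == "/url":
        return parse_qs(parts.query).get("q", [url])[0]
    return url

def external_links(raw_message):
    """Return non-Google link targets in a comment notification, else []."""
    msg = message_from_string(raw_message)
    if parseaddr(msg.get("From", ""))[1].lower() != COMMENT_SENDER:
        return []  # not a comment notification; other rules apply
    found = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True).decode(
            part.get_content_charset() or "utf-8", errors="replace")
        for url in URL_RE.findall(body):
            target = final_target(url.rstrip(".,;)"))
            if not is_google_host(urlparse(target).hostname) and target not in found:
                found.append(target)
    return found

# Constructed sample notification (not a captured message).
SAMPLE = """From: "Alex (Google Docs)" <comments-noreply@docs.google.com>
Subject: Alex mentioned you in a comment
Content-Type: text/plain; charset=utf-8

Alex mentioned you in a comment: please review http://login.example.net/doc
Open: https://docs.google.com/document/d/PLACEHOLDER/edit
"""
```

A non-empty result from `external_links` is a reason to quarantine or rewrite the link for inspection, since the legitimate part of the notification only needs to point back at the document.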


## 02 Summary

Using cloud services such as Google to carry out phishing attacks is nothing new. However, unlike previous cloud service exploits, this phishing email relies on the high credibility of Google's official email address and can evade most existing email defense rules. In addition, the wording of this type of phishing email is very easy to forge, and the attacker does not even need the target to open the shared cloud document, because the content of the email itself is already quite deceptive.


Origin blog.csdn.net/text2206/article/details/132196816