Hackers are Using Google Docs (and other Cloud Services) to Attack Users

by Compudata | Monday, January 24th, 2022

There are many ways that hackers have attempted to subvert the advanced security precautions implemented by enterprises and small businesses alike, but some of the more recent and crafty ones include sending threats through seemingly legitimate sources, like social media. The latest in this string of attacks includes Google Docs, and it is problematic for a number of reasons.

Essentially, what happens is that the hacker places a malicious link in a Google Docs comment and uses the @ symbol to directly ping the target through a targeted email. Since the email comes directly from Google Docs, users may not have any reason to suspect that it could be malicious in nature. This particular strategy was observed by Avanan, which reported it on their blog. The attacks themselves are carried out using Google Docs and Google Slides, and are often leveraged against users of Microsoft Outlook.

These attacks are generally quite successful because of how easily they can bypass spam filters. Since Google is a well-known and trusted entity, it is on most Allow Lists, meaning that their messages will get through to your inbox in most cases. Furthermore, since the attack itself is carried out using the comments, only the attacker’s name is showcased, not their email address. This opens up tons of possibilities for hackers to fool users into thinking someone within their organization is sharing a document with them, even when it is just a hacker attempting to cause trouble.

In short, the moral of the story here is that you should never click on links that look or seem suspicious by any stretch of the imagination––especially if they appear to be from a service that your business doesn’t utilize, like Google Workspace. If it does use Google Workspace, still treat it with caution and follow up with whoever the user is to ensure its authenticity. It never hurts to clarify the sender of a link, and it sure beats downloading some random threat that could leave your business in shambles. You can also double-check the destination for a link by hovering over it to ensure that it is sending you to the correct location, or at least the one that you expect it to.

For updates on the latest threats, be sure to subscribe to Compudata’s blog

A Glimpse Into What Compliance Looks Like for Businesses

Apr 7, 2025 | Blog, Business

It’s easy to see all the reasons why you should make data regulations and compliance a priority. After all, you want to ensure you don’t violate the trust and security of your customers, as well as the integrity of your operations. If you make even one mistake, it...

AI Search Isn’t There Yet

Apr 4, 2025 | Blog, Technology

People do this all the time: if they don’t know an answer, they just make something up that sounds right. It turns out AI has the same bad habit. A Study Put AI Search to the Test, and It Did Not Go Well Researchers at the Tow Center for Digital Journalism (part of...

Remote Work Is Great, but There Are Some Pitfalls

Apr 2, 2025 | Best practices, Blog

Do you have employees working remotely? If you do, the real question is, are you doing everything you can to keep them productive and secure? Remote work is awesome, but it comes with its fair share of risks. Today, we get into how to competently confront them. Remote...

It’s World Backup Day! You Need to Hedge Against Losing Data

Mar 31, 2025 | Blog, IT Blog

Data loss can be from a cyberattack, hardware failure, or just plain bad luck. Either way, it is a real threat to your business. You can hedge against it by having solid data backup strategies in place. Today is World Backup Day, so we thought we’d go through some...

Hiring IT is Hard (Here’s How to Make It Easier)

Mar 28, 2025 | Blog, Business

Do you have someone on your staff who can handle most IT-related issues for your business? If not, we’re sure your organization feels it in more ways than one. The issues that come from not having IT help are only made more frustrating when it comes time to find IT...

What Should Your Business Commit to Its Cybersecurity Protections?

Mar 26, 2025 | Blog, Security

How much your business should spend on cybersecurity largely depends on a variety of factors, and you cannot lump yourself in with just any other business. The same IT budget will go to different lengths for different businesses. Your typical small business, for...

Shouldn’t Consumers Know the End of Life Date of Connected Devices?

Mar 24, 2025 | Blog, Technology

In the grocery store, we’re given the estimated date that the food we’re buying will turn, helping us to make more informed decisions about what we are purchasing and the quality therein. Wouldn’t it be nice if the same could be said about the technology our...

Let’s Take the Lid Off of CAPTCHA

Mar 21, 2025 | Blog, Security

We've officially reached the point where humans have to prove they're, well, human just to access websites. One of the most common ways to do this? CAPTCHA. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. It might sound...

Know Your Rights; Protecting Your Devices and Your Identity from Law Enforcement

Mar 19, 2025 | Blog, Security

Our phones, laptops, smart home devices, and even our cars are packed with data about our lives. But what happens when law enforcement wants access to that information? Whether you're an individual just trying to keep your personal data safe or a business owner...

Automation Isn’t Always the Best Business Option

Mar 17, 2025 | Blog, Business

Automation makes sense from an operations standpoint, and people see this despite the many who advocate for scaling back to save jobs. For every task that can be completed, however, less than half can be automated. When you consider all the tasks that a human might be...

Industry Insights

Hackers are Using Google Docs (and other Cloud Services) to Attack Users

A Glimpse Into What Compliance Looks Like for Businesses

AI Search Isn’t There Yet

Remote Work Is Great, but There Are Some Pitfalls

It’s World Backup Day! You Need to Hedge Against Losing Data

Hiring IT is Hard (Here’s How to Make It Easier)

What Should Your Business Commit to Its Cybersecurity Protections?

Shouldn’t Consumers Know the End of Life Date of Connected Devices?

Let’s Take the Lid Off of CAPTCHA

Know Your Rights; Protecting Your Devices and Your Identity from Law Enforcement

Automation Isn’t Always the Best Business Option

More Reading from Industry Insights:

A Glimpse Into What Compliance Looks Like for Businesses

AI Search Isn’t There Yet

Remote Work Is Great, but There Are Some Pitfalls

It’s World Backup Day! You Need to Hedge Against Losing Data

Hiring IT is Hard (Here’s How to Make It Easier)

About Us

Contact Us

Company

Trust