Abstract
Certain methods used by hackers are more effective than others, and it’s largely in part due to these methods working around and subverting popular security measures. They might take on the look of a legitimate email or web source, like social media, in an attempt to convince the user that it is indeed a message they can trust. The latest in this type of hacking attack includes Google Docs.
A hacker can basically place a comment on a Google Docs document using the @ symbol, allowing them to directly ping the user involved. The email comes from Google Docs, so the user has no real reason to suspect that anything is amiss. This strategy was discovered by Avanan and was reported on their blog. These attacks are carried out using Google Docs and Google Slides primarily against users of Microsoft Outlook.
The big reason these attacks are so successful is because they can bypass spam filters. Google is generally considered a trusted entity and is on most Allow Lists, meaning that their messages will be more likely to get to your inbox than others. Plus, the attack is carried out using the comments, so only the attacker’s name is shown, not their email address. This gives hackers a lot of creative freedom and power over how they represent themselves to your organization, potentially even impersonating someone within your company.
The best way to protect yourself from these threats is to never click on a link that looks or seems suspicious by any stretch of the imagination. This is especially the case if the email comes from a service you don’t use within your office, like if you use Microsoft products and you get an email about a Google product. You should always try to verify the authenticity of an email if it is in question, either by contacting the individual directly, picking up the phone, or walking to their office. You can also hover over the link with your mouse to see its destination before clicking on it.
For all updates on security and other business technology, subscribe to NetMGM’s blog.
ABOUT THE AUTHOR
Rafiq Masri
With over 25 years of experience in Information Technology, Rafiq is one of the most accomplished, versatile and certified engineer in the field. He has spent the past 2 ½ decades administering and supporting a wide range of clients and has helped position Network Management, Inc. as a leader in the IT Managed Services space.
Rafiq has built a reputation for designing, building and supporting top notch IT infrastructures to match the business objectives and goals of his clients.
Embracing the core values of integrity, innovation, and reliability, Rafiq has a very loyal client base with some customer relationships dating back 20+ years.
Rafiq holds a bachelor’s degree in Mechanical Engineering from the University of Michigan and has completed graduate programs in Software Engineering and Business at Harvard and George Mason University. Rafiq is a former founder and CEO of Automation, Inc. in Ann Arbor, Michigan as well as a valued speaker on entrepreneurship and technology at industry events such as ExpoTech and others.