Users of Cloud Services are Under Attack

Certain methods used by hackers are more effective than others, largely because they work around and subvert popular security measures. An attack might take on the look of a legitimate email or web source, like social media, in an attempt to convince the user that the message can be trusted. The latest attack of this type involves Google Docs.

A hacker can place a comment on a Google Docs document and use the @ symbol to mention a user, which pings that user directly. The email comes from Google Docs, so the user has no real reason to suspect that anything is amiss. This strategy was discovered by Avanan and reported on their blog. These attacks are carried out using Google Docs and Google Slides, primarily against users of Microsoft Outlook.

The main reason these attacks are so successful is that they can bypass spam filters. Google is generally considered a trusted entity and is on most allow lists, meaning that its messages are more likely to reach your inbox than others. Plus, the attack is carried out through comments, so only the attacker's name is shown, not their email address. This gives hackers a lot of creative freedom and power over how they represent themselves to your organization, potentially even impersonating someone within your company.

The best way to protect yourself from these threats is to never click on a link that looks or seems suspicious by any stretch of the imagination. This is especially the case if the email comes from a service you don't use within your office, for example if you use Microsoft products and you get an email about a Google product. You should always try to verify the authenticity of an email if it is in question, either by contacting the individual directly, picking up the phone, or walking to their office. You can also hover over the link with your mouse to see its destination before clicking on it.
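The hover check described above can also be applied to comment notifications automatically. The following is an added example, not code from the original post or from Avanan: it lists every link in a Docs comment email whose real destination is outside Google, together with the text the reader sees. The sender address, the list of Google host suffixes and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions for this example: the notification sender address and the set of
# hosts treated as Google-owned. Adjust both to what your own mail logs show.
DOCS_SENDER = "comments-noreply@docs.google.com"
GOOGLE_SUFFIXES = ("google.com", "gstatic.com")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_google_host(host):
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in GOOGLE_SUFFIXES)

def review_comment_mail(raw):
    """Return the links in a Docs comment notification that leave Google."""
    msg = message_from_string(raw)
    if parseaddr(msg.get("From", ""))[1].lower() != DOCS_SENDER:
        return []  # not a Docs comment notification; out of scope here
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    return [(href, text) for href, text in collector.links
            if not is_google_host(urlsplit(href).hostname)]

# Constructed sample message (not a captured email).
SAMPLE = """From: "Alex from Finance (Google Docs)" <comments-noreply@docs.google.com>
Content-Type: text/html

<p>Alex from Finance mentioned you in a comment:</p>
<a href="https://docs.google.com/document/d/EXAMPLE/edit">Open</a>
<a href="https://login.example.net/verify">docs.google.com/invoice</a>
"""

print(review_comment_mail(SAMPLE))
```

A non-empty result is a reason to hold the message for review even though the sender is on the allow list, because the display name in the From header is chosen by the commenter.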

For all updates on security and other business technology, subscribe to Nexela’s blog.