Published: April 12, 2022, in our Security Fraud News & Alerts Newsletter.
Google recently announced an update to its Workspace platform, taking a proactive stance against the latest phishing campaign aimed at Google Docs users. The Docs app lets individuals and organizations alike create documents that others can edit and comment on collaboratively. As of two years ago, Workspace had more than 2 billion monthly active users. That’s a lot of targets for a phishing campaign, until Google stepped up with a simple solution.
According to HowStuffWorks, up to 10 people can work together on the same Docs file, 50 can edit a spreadsheet together, and up to 200 can view any type of file at the same time. These are great collaboration options, but they also put Docs users squarely in the bullseye for this latest phishing bid.
The phishing aimed at Docs users abuses the “comment notification” emails that Docs sends. To improve its productivity software, Google had previously added “@mention” comments to Workspace; attackers didn’t waste any time exploiting the feature.
A Small Change Is Huge
Email security company Avanan explains the phishing ruse this way: “In this attack, hackers are adding a comment to a Google Doc. The comment mentions the target name with an @. By doing so, an email is automatically sent to that person's inbox. In that email, which comes from Google, the full comment, including the bad links and text, is included. Further, the email address isn't shown, just the attackers’ name, making this ripe for impersonators.” And that’s where Google injects its change.
To help Docs users red-flag phishing, a small but mighty change by Google lets recipients of comment emails spot a phish when they see one. Earlier this year, Google summarized this change on its Workspace Updates page: “When someone mentions you in a comment in a Google Workspace document, we send you an email notification with the comment and the commenter’s name. With this update, we are adding the commenter’s email address to the email notification.” An unfamiliar email address next to the commenter’s name spells “hacker” to the recipient. All it took was that minor change to give Docs users the ability to flag the phish themselves. So, when using this tool, be sure to double and triple check the commenter’s address shown in the notification, since the email itself still comes from Google. How about that for a small change with big results!
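The same check a recipient now makes by eye can be automated on the defender's side. The script below is an added example, not code from the original article, Google or Avanan: it takes a comment-notification email, pulls out the commenter's address that the update now includes, compares its domain against a list of known collaborator domains, and lists any links carried in the comment text. The layout of the notification, the two sample messages and the trusted-domain list are all constructed assumptions for illustration; Google's real template may differ.

```python
import re
from email import message_from_string
from email.message import Message
from typing import Optional
from urllib.parse import urlparse

# Constructed samples. The layout of a comment-notification email is an
# assumption made for this example; it is not Google's actual template.
SUSPICIOUS_NOTIFICATION = """\
From: Google Docs <comments-noreply@docs.google.com>
To: alice@example-corp.com
Subject: Mallory (mallory@free-mail.example) mentioned you in "Q2 Budget"

Mallory (mallory@free-mail.example) mentioned you in a comment:

@alice@example-corp.com please re-check the figures at
http://docs-login.example/auth before the meeting.
"""

BENIGN_NOTIFICATION = """\
From: Google Docs <comments-noreply@docs.google.com>
To: alice@example-corp.com
Subject: Bob (bob@example-corp.com) mentioned you in "Q2 Budget"

Bob (bob@example-corp.com) mentioned you in a comment:

@alice@example-corp.com can you confirm the Q2 travel line?
"""

# Domains the recipient's organization treats as known collaborators (assumption).
TRUSTED_DOMAINS = {"example-corp.com", "partner.example"}

# The commenter's address as it appears in the (assumed) notification body.
COMMENTER_RE = re.compile(r"\(([^()\s]+@[^()\s]+)\)\s+mentioned you")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def body_text(msg: Message) -> str:
    """Return the plain-text body of a (possibly multipart) message."""
    if msg.is_multipart():
        parts = [p.get_payload(decode=True).decode(errors="replace")
                 for p in msg.walk() if p.get_content_type() == "text/plain"]
        return "\n".join(parts)
    payload = msg.get_payload(decode=True)
    return payload.decode(errors="replace") if payload else ""


def commenter_address(text: str) -> Optional[str]:
    """Extract the commenter's email address from the notification body."""
    m = COMMENTER_RE.search(text)
    return m.group(1).lower() if m else None


def triage(raw_email: str) -> dict:
    """Classify one comment notification from the recipient's point of view.

    The From header is Google's and is not useful for this decision; the
    signal is the commenter's address that the update added to the body.
    """
    msg = message_from_string(raw_email)
    text = body_text(msg)
    commenter = commenter_address(text)
    domain = commenter.split("@", 1)[1] if commenter else None
    links = URL_RE.findall(text)
    reasons = []
    if commenter is None:
        reasons.append("commenter address missing: old-format or altered notification")
    elif domain not in TRUSTED_DOMAINS:
        reasons.append(f"commenter domain {domain} is not a known collaborator")
    if links:
        hosts = sorted({urlparse(u).hostname or "" for u in links})
        reasons.append("comment carries links to: " + ", ".join(hosts))
    verdict = "review" if reasons else "ok"
    return {"commenter": commenter, "domain": domain, "links": links,
            "reasons": reasons, "verdict": verdict}


if __name__ == "__main__":
    for raw in (SUSPICIOUS_NOTIFICATION, BENIGN_NOTIFICATION):
        print(triage(raw))
```

Run as a script it prints a verdict for each sample: the first is flagged for an unknown commenter domain and an embedded link, the second passes. A mail-flow rule or SOAR playbook could apply the same logic to real notifications, routing anything marked "review" to a quarantine or an analyst rather than the recipient's inbox.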