

In December 2021, a new trend in phishing appeared: cybercriminals abusing the Google Docs commenting feature to deliver emails that look legitimate because Google itself sends them.

This was not the first warning. In June 2021, Avanan reported on an exploit in Google Docs that let attackers easily deliver malicious phishing websites to end users. In October 2021, it was reported that attackers could just as easily send malicious links through comments in Google apps such as Docs and Slides. That known weakness had not been fully closed or mitigated by Google since then, and attackers have now found another way to use it.


Because so many employees who work or collaborate remotely rely on Google Docs, most recipients of these emails are used to seeing comment notifications and have no reason to distrust them. And because the notification is generated and sent by Google's own mail infrastructure rather than spoofed, it passes the sender checks that would normally flag a forged message, so the likelihood of it being marked as suspicious is essentially nil.

The Attack

Avanan's recently published research explains that in this type of attack the cybercriminal posts a comment on a Google Doc and @-mentions the victim in it.

That action automatically triggers a notification email to the target's inbox. The email comes from Google and contains the entire comment, malicious links and content included. Moreover, only the attacker's display name appears in the notification; the email address behind it is not shown. Since the display name is whatever the attacker set on the Gmail account, it can be made to resemble a colleague or a vendor.


As BleepingComputer explains, the comment text is relayed verbatim, so it can carry links leading to malware-dropping websites or phishing pages, which indicates that no link checking or filtering is applied on the comment notification path.


In this email-based campaign, cybercriminals found a way to push malicious URLs through Google Docs and other Google collaboration tools. According to the researchers, it appears to primarily, though not exclusively, target Outlook users.

Malicious actors used more than 100 different Gmail accounts to target over 500 inboxes across 30 organisations.

How to Stay Safe?

Security teams can take the following steps to safeguard against these attacks:

  • Before clicking any link inside a Google Docs comment notification, have users verify who the commenter actually is. The notification shows only a display name, not an email address, so the name alone proves nothing; open the document from Google Drive and check the commenter's account there;
  • Remind end users to practice basic cyber hygiene, such as hovering over links to inspect the real destination before clicking and treating unusual wording or grammar as a warning sign;
  • When in doubt, contact the apparent sender through a known channel and confirm that they meant to share that document;
  • Implement security solutions that cover the entire suite, including file-sharing and collaboration applications, not just the mail gateway.
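The attack flow described above (a genuine Google notification that relays an attacker-written comment with an outside link) is also what makes it detectable: the sender is authentic, but the links inside the body point away from Google. The script below is an added example, not code from the article, Avanan or Heimdal. It assumes that comment notifications arrive from comments-noreply@docs.google.com (confirm this against your own mail logs) and uses a hand-constructed sample message modelled on the attack; the document ID and portal domain in it are placeholders.

```python
"""Triage filter for Google Docs comment-notification emails (added example).

Assumptions, not taken from the article:
  - notifications come from comments-noreply@docs.google.com
  - the sample message below is constructed for illustration only
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Address Google uses for Docs comment notifications (assumption: verify it
# against real notifications in your environment before relying on it).
NOTIFICATION_SENDER = "comments-noreply@docs.google.com"

# Hosts a legitimate notification may link to (the document itself, Google
# static assets). Any other host inside the relayed comment deserves a look.
TRUSTED_SUFFIXES = ("google.com", "googleusercontent.com", "gstatic.com")

URL_RE = re.compile(r"https?://[^\s<>\"'\)\]]+")

# Constructed sample, modelled on the attack in the article: the message really
# comes from Google, only a display name is shown, and the comment body with
# its link is relayed verbatim. EXAMPLE_DOC_ID and example.net are placeholders.
SAMPLE_NOTIFICATION = """\
From: Accounts Payable <comments-noreply@docs.google.com>
To: victim@example.com
Subject: Accounts Payable mentioned you in "Q4 Invoice"

Accounts Payable mentioned you in a comment in the following document

    @victim@example.com please review the invoice and confirm payment here:
    https://invoice-portal.example.net/login

Open: https://docs.google.com/document/d/EXAMPLE_DOC_ID/edit
"""


def host_is_trusted(host: str) -> bool:
    """Exact or subdomain match only, so 'notgoogle.com' does not pass."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def triage(raw_message: str) -> dict:
    """Classify one raw RFC 5322 message.

    Returns the display name (attacker-controlled), the real sender address,
    every URL in the body, and the subset that does not point at Google.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    display_name, sender = parseaddr(str(msg["From"]))
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""

    urls = URL_RE.findall(body)
    untrusted = [u for u in urls
                 if not host_is_trusted(urlparse(u).hostname or "")]
    from_google = sender.lower() == NOTIFICATION_SENDER

    return {
        "from_google_notifier": from_google,
        "display_name": display_name,   # whatever the Gmail account calls itself
        "sender": sender,
        "urls": urls,
        "untrusted_urls": untrusted,
        # Suspicious = authentic Google notification relaying an outside link.
        "suspicious": from_google and bool(untrusted),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_NOTIFICATION).items():
        print(f"{key}: {value}")
```

The point of the check is the combination: a message that passes as a real Google notification and still carries a link to a non-Google host is exactly the case the article describes, and it is the case a plain sender-reputation filter will wave through. In a mail pipeline, route such messages to quarantine or rewrite the untrusted URLs rather than relying on the recipient to notice that the display name is unverified.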

How Can Heimdal™ Help You?

Heimdal Security has developed two email security products aimed at both simple and sophisticated email threats: Heimdal Email Security, which detects and blocks malware, spam, malicious URLs and phishing attacks, and Heimdal Email Fraud Prevention, an email protection system against employee impersonation, fraud attempts and BEC in general.

By using over 125 vectors of analysis and being fully supported by threat intelligence, it detects phraseology changes, performs IBAN/Account number scanning, identifies modified attachments, malicious links, and Man-in-the-Email attacks. Furthermore, it integrates with O365 and any mail filtering solutions and includes live monitoring and alerting 24/7 by our specialists.


Author Profile

Antonia Din

PR & Video Content Manager


As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.


Google should reconsider how comment notifications are generated for collaborative platforms like these, since the current design puts individuals and their contacts at risk. Beyond enabling the security features Google provides, organisations should consider supplementary anti-phishing and threat detection tools to ensure a comprehensive security posture.
