Over the years, we have seen cybercriminals aggressively evolving their methods to stay ahead of their potential targets, and these methods have recently grown to become more and more dangerous. The tiny wiggle room for victims to maneuver through makes it a dicey ground to tread upon. A challenging element here is the variety of weapons that these cybercriminals have at their disposal to inspire such a situation. One such weapon is the phishing attacks. As of late, phishing attacks’ cases have grown exponentially, and in all honesty, security agencies haven’t been able to figure out a comprehensive solution for this problem. Till now, losses going well into billions have been caused by these phishing attacks, and as one would expect, attacks of this specific nature has been somewhat of a centerpiece in America’s ongoing cybersecurity crisis. Innumerable business organizations and government have been targeted so far. Now, hackers seem to have bagged the big fish. Concerning news has emerged from the camp of Google, and users are getting increasingly anxious about the repercussions.
As per the reports, cybercriminals have uncovered a route to use phishing attacks for abusing Google docs and Drive functionality to bypass security filters. A leading security vendor, Avanan led this news and revealed this is probably the first time that such a technique has been used in conjunction with a name as popular as Google.
“This Google Docs page may look familiar to those who share Google Docs outside of their organization. This, however, isn’t that page. It’s a custom HTML page made to look like that familiar Google Docs share page,” Avanan explained.
The bait here is a ‘Click to Download’ option which will redirect you to the actual phishing website, albeit designed to look like a legit Google login portal, where your credentials are stolen.
The sheer simplicity of the way in which these attacks are structure yet the level of devastation they carry with them has left many security experts astonished. Google has also received some criticism on the basis of their AI system’s failure in detecting suspicious nature of this procedure. It remains to be seen how Google responds to this top-threat vector that clocked over 62.6 billion victims last year.