Google Docs is a word-processor service provided by Google within its Google Drive service. This online office suite software includes Google Slides Google Sheets, spreadsheet and as well as presentation program. This software is available as an android application, iOS, Blackberry, Windows application and as a web application. This application permits clients to make and modify records on the web while teaming up with different clients progressively. The client follows editing and modifications with an update history showing changes.
Hackers tried to perform a phishing attack on Google Docs:
Google’s cybersecurity researchers observed that some phishing attack campaigns performed on Google Docs Forms. They detected that the phishing messages began from an undermined email account with advantaged access to monetary administrations supplier CIM Finance. By utilizing CIM Finance’s site to host their phishing messages, hackers guaranteed that their emails could sidestep mainstream email security checks, including DKIM and SPF.
In these emails, they sent a message to various users to target them and get Microsoft Credentials. So that they can get access to their accounts, this message included a notification from an IT team informing the users to update their “Office 365”. If they want to be safe from the suspension of their accounts. Due to this fear of suspension, they tried to various pressurized users to click on “update now” button. It was by then when the Google Docs Form became possibly the essential factor.
Phishers made an artificial and non-secure Microsoft Office 365 login page. This page separated itself from Microsoft’s real login page by underwriting near the portion of the words and once in a while supplanting letters with bullets. The phishing page additionally showed users login data as plaintext as they composed right now the structure’s information fields. And hence the user gets hacked by a hacker and sometimes lost his personal as well as professional details.
As in their research, they clarified: Hackers made a fake Microsoft login page facilitated on Google that gives the bona fide SSL testament, to allure end users to accept. They are being connected to a Microsoft page related to their organization. Be that as it may, they instead linked to an external site facilitated by Google.