The Google Docs The National Cyber Defence Institute warns of fraud spreading through the comment function.
A new, dangerous phishing technique has been reported that uses comments (with the "@" sign) created in Google Docs to lure victims. The new technique involves scammers tagging a user in Google Docs and then, once tagged, Gmail sends a notification to the target's email that someone has mentioned them in a post - inform the National Cyber Defence Institute.
The entry sent in the email may also contain links to malicious code, as Gmail does not yet have a protection system in place to guard against this. The technique is not entirely new, having been tried by fraudsters last October, and although Google tried to take preventative measures against it, they did not work.
Facilitates the scammers that the notifications do not show the sender's email address, only a name, making it much easier to impersonate a person, such as a colleague. The attack method also works for Google Slide comments.
Experts say it is very important to be vigilant and to pay close attention to the links in comment-generated notifications to guard against such attacks. To be on the safe side, you may want to ask the sender if the comment is actually from them.
