U.S. government agencies and cybersecurity companies are warning users and organizations about cybercriminals abusing Google services to achieve their goals.
FBI warns about Google Voice abuse
Google Voice is a service that provides Google customers a phone number that they can use for calling, text messaging and voicemail. It can be used to make free PC-to-phone calls within the U.S. and Canada.
Scammers have been contacting people who sell things on online marketplaces such as Craigslist, claiming to be interested in the item. However, before making a purchase, they claim they want to make sure the seller is a real person so they send them a text message with a Google Voice verification code and ask them to provide that code.
Once they have obtained the verification code, the scammer can create a Google Voice number linked to the victim’s real phone number. They can then use the phone number to scam others and hide their identity. The verification code can also be used to access and hijack the victim’s Gmail account, the FBI said.
The Federal Trade Commission (FTC) issued a warning for these Google Voice scams in late October, and the FBI issued a fresh warning this week, along with advice on how people can avoid getting scammed and how they can regain control of the Google Voice account.
Avanan warns of Google Docs abuse
Email security company Avanan on Thursday warned that threat actors have been abusing Google Docs to deliver phishing websites and malware.
Attackers are creating a Google Docs document and adding a comment that mentions the email address of the targeted user. The target automatically receives an email from Google informing them about the comment.
The email includes the attacker’s comment, which can be a link to a malicious website, accompanied by a piece of text that attempts to convince the victim to click on the link.
This technique has been used since at least August 2020, and Google at the time promised to take measures. However, Avanan says Google still hasn’t fully addressed the issue and a new attack wave mainly targeting Outlook users was spotted by the cybersecurity firm in December 2021.
The company said the campaign had hit more than 500 inboxes across 30 tenants, with the attackers leveraging over 100 Gmail accounts.
“There are several ways that make this email difficult for scanners to stop and for end-users to spot,” Avanan explained. “For one, the notification comes directly from Google. Google is on most Allow Lists and is trusted by users. Secondly, the email doesn’t contain the attacker’s email address, just the display name. This makes it harder for anti-spam filters to judge, and even harder for the end-user to recognize.”
Related: Google Sees Increase in COVID-19 Phishing in Brazil, India, UK
Related: Google Sees Drop in Government-Backed Phishing Attempts
Related: Google Docs Phishing Scam Doused After Catching Fire

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Zyxel Firewalls Hacked by Mirai Botnet
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
- Drop in Insider Breaches Drives Decline in Intrusions at OT Organizations
- Zero-Day Vulnerability Exploited to Hack Barracuda Email Security Gateway Appliances
- OAuth Vulnerabilities in Widely Used Expo Framework Allowed Account Takeovers
- New Honeywell OT Cybersecurity Solution Helps Identify Vulnerabilities, Threats
- Rheinmetall Says Military Business Not Impacted by Ransomware Attack
Latest News
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
