U.S. government agencies and cybersecurity companies are warning users and organizations about cybercriminals abusing Google services to achieve their goals.
FBI warns about Google Voice abuse
Google Voice is a service that provides Google customers a phone number that they can use for calling, text messaging and voicemail. It can be used to make free PC-to-phone calls within the U.S. and Canada.
Scammers have been contacting people who sell things on online marketplaces such as Craigslist, claiming to be interested in the item. However, before making a purchase, they claim they want to make sure the seller is a real person so they send them a text message with a Google Voice verification code and ask them to provide that code.
Once they have obtained the verification code, the scammer can create a Google Voice number linked to the victim’s real phone number. They can then use the phone number to scam others and hide their identity. The verification code can also be used to access and hijack the victim’s Gmail account, the FBI said.
The Federal Trade Commission (FTC) issued a warning for these Google Voice scams in late October, and the FBI issued a fresh warning this week, along with advice on how people can avoid getting scammed and how they can regain control of the Google Voice account.
Avanan warns of Google Docs abuse
Email security company Avanan on Thursday warned that threat actors have been abusing Google Docs to deliver phishing websites and malware.
Attackers are creating a Google Docs document and adding a comment that mentions the email address of the targeted user. The target automatically receives an email from Google informing them about the comment.
The email includes the attacker’s comment, which can be a link to a malicious website, accompanied by a piece of text that attempts to convince the victim to click on the link.
This technique has been used since at least August 2020, and Google at the time promised to take measures. However, Avanan says Google still hasn’t fully addressed the issue and a new attack wave mainly targeting Outlook users was spotted by the cybersecurity firm in December 2021.
The company said the campaign had hit more than 500 inboxes across 30 tenants, with the attackers leveraging over 100 Gmail accounts.
“There are several ways that make this email difficult for scanners to stop and for end-users to spot,” Avanan explained. “For one, the notification comes directly from Google. Google is on most Allow Lists and is trusted by users. Secondly, the email doesn’t contain the attacker’s email address, just the display name. This makes it harder for anti-spam filters to judge, and even harder for the end-user to recognize.”
Related: Google Sees Increase in COVID-19 Phishing in Brazil, India, UK
Related: Google Sees Drop in Government-Backed Phishing Attempts
Related: Google Docs Phishing Scam Doused After Catching Fire