Hackers Are Sending Malicious Links Via Google Docs
Security firm Avanan says it "observed a new, massive wave of hackers leveraging the comment feature in Google Docs, targeting primarily Outlook users" starting in December 2021. Attackers reportedly created Google Docs and left comments using tags (the "@" symbol followed by the victim's name) so Google would notify the intended recipient via email.
"In that email, which comes from Google, the full comment, including the bad links and text, is included," Avanan says. "Further, the email address isn’t shown, just the attackers’ name, making this ripe for impersonators."
Full article here