IT Services – Kansas City

Phishing Attacks on Google Docs and Microsoft 365 Users

Small Business Owners Beware 

Are you a small business owner today and want to protect yourself from cyber threats like phishing attacks which may lead to a ransomware demand? If so, this post is for you. The latest news reports new types of phishing attacks targeting Google Docs and Microsoft Office 365 users in particular, as hackers just keep stepping up their game to stay one step ahead of security measures. One of their most common targets is small businesses, and most businesses feel forced to pay – enough, in some cases, to shut them down completely. 

Phishing Emails 

Educating yourself and your employees is one of the best preventative measures you can take. Phishing attacks are almost always launched through phishing emails. Phishing emails originating from external sources and/or from any unknown sender can ultimately result in ransomware demands. It all starts by clicking the link in these suspicious emails. The link connects to an external website that looks like the Outlook sign-in pages or sometimes Microsoft’s sign-in pages, in these new attacks.

Methodology

An example of how this could be done was given with a phishing email from an unknown source requesting business users confirm a deposit type, and attached is a link with the words “deposit advice” to a Google document – or so it seems. The link goes to what appears to be a Microsoft OneDrive Corporate Service Page, where screen users can see the document there, and that it is available to any company user. This part is even purposeful, in hopes someone will forward it to a corporate accountant. The link is a phishing link that still looks legit, asking for a password and username. 

The Scam 

The screen the person is taken to, however, is a slide from a Google Docs presentation that automatically opens in view mode. In other words, the sign-in page is the phishing page – it’s a fake. The “open” button, you see, from the original email, concealed a link to the phishing site, cleverly disguised as the Microsoft Office 365 sign-in page. In this way, these threat actors want to steal your credentials, as then they will have access to sensitive data in your company’s internal documents, which they can, in turn, hold for a ransom. This is possible by one employee falling for a phishing scam, designed to fulfill a successful ransomware attack. 

Clues It’s A Phishing Attack

Here are some clues an email is really a phishing attack disguised as something you should pay attention to: 

  • Emails from external sources don’t typically link back to internal documents at a company
  • Real financial documents are always set to open to a certain unique person, not generalized for anyone in the organization
  • The filename in the original email doesn’t match the one allegedly stored on OneDrive
  • Google Docs never hosts Microsoft OneDrive pages 
  • An “open” button in Microsoft OneDrive should not lead to an Outlook sign-in page
  • Look for the browser address bar clue – always check to make sure it looks legit and matches with the domain name it’s supposed to be 

If any of these signs occur, they should be red flags for security teams.

How to Prevent a Phishing Attack

To avoid landing on a phishing page, there are some anti-phishing techniques to know. Number one, get Microsoft Defender for Office 365, which has link screening tools that detect most phishing emails, to begin with. Double-check any Google Docs form you get to make sure they come from Google Docs. And check the browser address! In addition, training for employees is still highly valuable. 

Cyber Criminals

Cybercriminals are nefarious individuals and opportunists. Theirs is a game of chance, as the threat actor involved knows that not every single person is even going to have the kind of privileged access they want. They send their messages out on the web, just “phishing” for the right people. They want to be recipients of the password on your accounts, so they can steal your money, extort money from your business or steal your identity. 

Targeted Users

Though cybercriminals do launch targeted attacks, really they just attack what is most used and most available through security vulnerabilities. Microsoft Office 365 is widely used and thus targeted, as is Google Docs, both are normally trusted sources. But you can see why what looks like an innocent Google Docs file or Microsoft page, especially Office 365, be sure you pay attention to details in order to avoid them. Avoid messages from unknown sources or senders.

Blue Oak Technology Solutions

If you are a business owner concerned about your cyber security, contact us here at Blue Oak Technology Solutions. We are your off-site IT department and can help you with the security solutions you need. We help small businesses with the technological opportunities they need to grow and succeed! We understand limited budgets, so you can pay as you go, or utilize our customized monthly managed services, and have the IT support you need, whenever you need it! 

Read further from our article on Should you upgrade to Windows 11?