In May 2017, a phishing attack now known as “the Google Docs worm” spread across the internet. It used special web applications to impersonate Google Docs and request deep access to the emails and contact lists in Gmail accounts. The scam was so effective because the requests appeared to come from people the target knew. If they granted access, the app would automatically distribute the same scam email to the victim's contacts, thus perpetuating the worm. The incident ultimately affected more than a million accounts before Google successfully contained it. New research indicates, though, that the company's fixes don't go far enough. Another viral Google Docs scam could happen anytime.

Google Workspace phishing and scams derive much of their power from manipulating legitimate features and services to abusive ends, says independent security researcher Matthew Bryant. Targets are more likely to fall for the attacks because they trust Google's offerings. The tactic also largely puts the activity outside the purview of antivirus tools or other security scanners, since it's web-based and manipulates legitimate infrastructure. 

For more information: Click Here