By Arica Chhay, Jay Krous, Michael Smitasin
A new phishing tactic has emerged: attackers are using the comments feature of Google Docs to deliver phishing messages. These attacks are hard to prevent at the moment because the notification email genuinely comes from Google. Review the real Lab example below to learn how to recognize this latest technique.
This specific comment was initiated from a malicious Gmail account, lindamartinezvhpthkcqnqq@gmail.com, which is pretty easy to spot. However, notice that the actual From address is comments-noreply@docs.google.com, a legitimate Google address, so reporting the email as spam or phishing will have unclear effects on preventing future email from other malicious Gmail accounts.
Google Docs are commonly used at the Lab and other institutions, so it may take a moment to discern a genuine work-related comment from a fake one. The attackers harvest email addresses from public websites. Since the notification arrives from a legitimate source, @docs.google.com, it is very difficult to filter or block all future occurrences of this type of attack. Be wary of documents shared by email addresses you don't recognize and of any comment that includes a link.
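For anyone triaging these notifications in bulk (a mail gateway rule or a SOC script), the signals above can be checked mechanically: the From address is the real Google notifier, the commenter named in the body is outside the organization, the commenter's address ends in a long run of random letters, and the comment carries a link to a non-Google, non-Lab host. The script below is an added example and not part of the original article or of any Google or Lab tooling. Both sample messages are constructed stand-ins; the From address is the real one named above, while the body layout ("<address> added a comment ..."), the display names, the link hosts and the lbl.gov/google.com allowlist are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# CONSTRUCTED sample notifications (not captured mail). The body layout is
# an assumed stand-in for Google's template; only the From address is real.
MALICIOUS_NOTIFICATION = """\
From: "Linda Martinez (Google Docs)" <comments-noreply@docs.google.com>
To: researcher@lbl.gov
Subject: Statement - New comment

lindamartinezvhpthkcqnqq@gmail.com added a comment to Statement

Please review your statement here: http://example.net/review
"""

BENIGN_NOTIFICATION = """\
From: "Pat Colleague (Google Docs)" <comments-noreply@docs.google.com>
To: researcher@lbl.gov
Subject: Q3 Plan - New comment

pcolleague@lbl.gov added a comment to Q3 Plan

Can you check the numbers in https://docs.google.com/spreadsheets/d/example ?
"""

NOTIFIER = "comments-noreply@docs.google.com"
TRUSTED_DOMAINS = ("lbl.gov", "google.com")  # assumed allowlist for the Lab

# Commenter address as it appears in the (assumed) body layout.
COMMENTER_RE = re.compile(r"([\w.+-]+@[\w-]+(?:\.[\w-]+)+)\s+added a comment", re.I)
# Host part of any http(s) link in the comment text.
URL_HOST_RE = re.compile(r"https?://([^\s/?#]+)", re.I)
# Local part ending in six or more vowel-free letters, like the real Lab example.
JUNK_LOCALPART_RE = re.compile(r"[bcdfghjklmnpqrstvwxz]{6,}\d*$")


def is_trusted(host):
    """True if host is one of the allowlisted domains or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def triage(raw_message):
    """Return the signals found in one comment-notification email and a verdict."""
    msg = message_from_string(raw_message)
    _, sender = parseaddr(msg.get("From", ""))
    body = msg.get_payload()

    from_google = sender.lower() == NOTIFIER
    m = COMMENTER_RE.search(body)
    commenter = m.group(1).lower() if m else ""
    local, _, domain = commenter.rpartition("@")
    external_commenter = bool(commenter) and not is_trusted(domain)
    junk_name = bool(JUNK_LOCALPART_RE.search(local))
    external_links = sorted({h.lower() for h in URL_HOST_RE.findall(body)
                             if not is_trusted(h)})

    # The tactic described in the article: a genuine Google notification that
    # relays a comment from an outside account carrying a link or a junk name.
    suspicious = from_google and external_commenter and (junk_name or bool(external_links))
    return {
        "from_google": from_google,
        "commenter": commenter,
        "external_commenter": external_commenter,
        "junk_name": junk_name,
        "external_links": external_links,
        "suspicious": suspicious,
    }


if __name__ == "__main__":
    for label, raw in (("malicious", MALICIOUS_NOTIFICATION), ("benign", BENIGN_NOTIFICATION)):
        print(label, triage(raw))
```

Treat the result as a triage aid, not a block rule: an external collaborator who legitimately comments with a link will trip the same heuristics, which is exactly why the article says this tactic is hard to filter.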
Instructions are included below to report these emails to Google so that its filters can adjust. You can also block file sharing and comment notifications from specific email addresses. This is an emerging attack, and our recommendations will change as the situation progresses. At this time, we just want to make you aware of this new tactic.
Report an email as phishing
- On a computer, open Gmail in your web browser.
- Navigate to the phishing message and open it.
- Expand the three-vertical-dot (More) menu in the top-right corner of the message window and select Report phishing.
Block the sender of a Google Drive file
You can block file shares from specific people in Google Drive, Docs, Sheets, or Slides. Blocking the sender of a Google Drive file has the following effects:
- They won’t be able to share files with you.
- You won’t be able to share files with them, unless you unblock them first.
- They can’t access any of your files and you can’t access any of theirs.
- You won’t receive comment notifications from them in Google Docs, Sheets or Slides, unless you manually subscribe to notifications for all comments within that file.
- Blocking doesn’t work against another lbl.gov account when you are using your own lbl.gov work account.
- On a computer, open Gmail in your web browser.
- Open a comment notification or Drive sharing email.
- At the bottom of the email, click Block the sender.
- In the new tab that opens, click Block.