888-448-5451 [email protected]

Protect Against Phishing Attacks

File Sharing Programs Risks

Phishing attacks are an all-too-common occurrence in today’s business world. Hackers use phishing scams to trick employees into giving up company information, passwords and other sensitive data. The phishers often send out emails that appear as if they come from the CEO or another high-level executive of the company, requesting that a file be shared with them using a Google Docs link. While phishing schemes like this one have been around for years, it seems hackers are now turning to more sophisticated methods such as phishing through Google Docs and SharedPoint files. In order to protect your company against phishing risks involving these types of programs, you should train remote workers on what type of emails they should watch out for and what to do if they spot one that gives them reasons to doubt it. 


What you want to know about the attack vector  

Hackers will use phishing attacks against remote workers by sending them a message asking for the receiver to open an attachment or to follow a link in order to make sure that their work is being done. The email might say that they are not receiving your emails, need urgent help with something or ask for surveys and feedback on products or that it is an urgent document they need to fill out for HR; all things that would give a sense of urgency and which would be replied back through this shared document program.   

The average user wouldn’t know how phishers could see what’s been written unless it was emailed out, so when someone does receive such an email containing these messages about business from one of the programs mentioned above, cybersecurity training should be given about what type of danger there is behind opening up any attachments because hackers can steal information and even hold data hostage for ransomware once the network has been compromised. 


To Use Google Docs as an example  

Once the potential victim clicks on the link provided in the phishing email to download the document the user is redirected to the actual malicious phishing website, which steals the credentials of the victim using another web page that is made to look like the Google Login portal, but which is hosted from a URL that is not affiliated with Google in any way shape or form. 


Understanding how this type of attack works using the example of Google 

The hackers create a web page that looks like a Google Docs sharing page and then upload the HTML file to Google Drive.  Once scanning is complete, Google gets the HTML page to look like a typical Google Docs page.  The attacker right-clicks on the uploaded file and opens it in Google Docs.  This is where the integral aspect of the attack takes place.   

It is by manipulating Google Docs that attackers are able to successfully make the page malicious instead of just delivering a page with a source code that would not be effective. 

The last step that needs to take place for the final deployment of this type of attack is carried out by publishing to the web from the Google Docs dropdown file menu.  At this point they embed and publish the file, which now has embedded tags provided by Google that are meant to be used on its own forums to render custom content, but that instead the attacker uses (without the iframe tags) to save the malicious link that they will be using to send via the phishing campaign. 

The full HTML file is now completed and contains the redirect hyperlink to the malicious website. 


Phishing email cybersecurity tips for your remote workforce 

Here’s what you need to teach your employees about phishing email cybersecurity risks: 

  • If the email looks like it came from a company, but is not sent through that company’s domain, then reject the email.  
  • If there is an attachment or link in the phishing message, do not click on them; instead forward these messages directly back to IT for evaluation and investigation by security professionals.  
  • If you receive any phish text messages, delete those texts immediately because this could be a sign of another type of attack called smishing (SMS phishing). Do NOT reply to the sender with “stop.” 
  • For the tech savvy remote worker, teach them to hover over the link since the URL is also a good give away. 


To protect against phishing risks when it comes to security threats involving shared documents, you need give your employees training so they’re aware of what information hackers may be looking for through this type of attack, such as passwords and login credentials. 

If you need support NCX Group has a cybersecurity training service for small businesses that you can try out for free.  Here is the link: https://training.ncxgroup.com/free/  

You can also reach out for free consultation to see what other steps you may want to take or simply to get an expert’s opinion on improving cybersecurity training and phishing awareness with your remote workforce.  

Schedule your consultation here: https://calendly.com/ncxgroup



Photo courtesy of alphaspirit.it