Man
Professional
Google Drive's email file functionality can be used to send phishing emails through the google.com domain.
Introduction
I was using Google Drive and accidentally came across their “Email this file” feature (I don’t know if it’s new, but I never noticed it). There’s nothing unusual about it, except for one little thing that piqued my curiosity. When I emailed a file to myself, the sender’s email address was:
Code:
hacker (via Google Docs) <drive-shares-noreply@google.com>
I was wondering how someone could use this to send phishing emails using the @google.com domain.
Steps - TLDR
The steps to abuse this feature are quite simple:
- You must use a Google Workspace account. If you use a Gmail account, Google will use your email as the sender.
- Change the first name, last name, and profile photo in your Google Workspace account to the name of the person you want to impersonate (for example, the target's manager).
- Create a Google Doc and insert some pretext. Make sure the title of the document is accurate as it will be seen by the target user.
- Click “Email this file” and make sure you check the “Do not attach. Include content in email” box.
That's all.
Walkthrough
As mentioned, we'll start with a Google Workspace account. Change the name and profile photo to whatever you like.
I then created a Google Doc with the pretext as shown below. The title of the document in this example is “Mandatory Antivirus Update”.

Now select File > Email this file and check the box “Do not attach. Include content in email”. If you want to add additional content to the message box, feel free to do so.

And now when the target gets the email, this is what they see. I think it's pretty plausible.

Final thoughts
This could probably be a good phishing attack during the interaction. Obviously there are limitations on what you can change in the email template, but that's due to the technology and there's nothing you can do about it.

You probably guessed why there were several articles about phishing before this article came out?
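A detection check for the technique described in this post, as an added example that is not part of the original post: since the sender address is always drive-shares-noreply@google.com, it compares the sharer-controlled display name in front of "(via Google Docs)" with a list of protected internal names. `ORG_DOMAIN`, `PROTECTED_NAMES`, the sample messages and the use of `Reply-To` as the sharer's real address are assumptions.

```python
import re
import unicodedata
from email import message_from_string
from email.utils import parseaddr

DRIVE_SENDER = "drive-shares-noreply@google.com"  # sender address quoted in the post
VIA_SUFFIX = re.compile(r"\s*\(via Google [^)]*\)\s*$", re.IGNORECASE)

# Hypothetical values for illustration: your own domain and the names worth protecting.
ORG_DOMAIN = "example.com"
PROTECTED_NAMES = {"alice manager", "bob director"}

def normalize(name):
    """Fold case, Unicode compatibility forms and whitespace so variant spellings compare equal."""
    return " ".join(unicodedata.normalize("NFKC", name).casefold().split())

def classify(raw_message):
    """Return None for non-Drive mail, else 'impersonation', 'external-share' or 'internal-share'."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    if addr.lower() != DRIVE_SENDER:
        return None
    # The display name is chosen by the sharer, so treat it as untrusted input.
    claimed = normalize(VIA_SUFFIX.sub("", display))
    # Assumption: the sharer's real address is available in Reply-To.
    _, sharer = parseaddr(msg.get("Reply-To", ""))
    if sharer.lower().endswith("@" + ORG_DOMAIN):
        return "internal-share"
    return "impersonation" if claimed in PROTECTED_NAMES else "external-share"

def make(display, reply_to):
    """Build a constructed sample message (not captured traffic)."""
    return (f'From: "{display} (via Google Docs)" <{DRIVE_SENDER}>\n'
            f"Reply-To: {reply_to}\nSubject: Mandatory Antivirus Update\n\nbody\n")

SPOOFED = make("Alice  MANAGER", "someone@attacker-workspace.example")
GENUINE = make("Alice Manager", "alice@example.com")
VENDOR = make("Carol Vendor", "carol@partner.example")
OTHER = "From: Alice Manager <alice@example.com>\nSubject: hi\n\nbody\n"

if __name__ == "__main__":
    for label, m in [("spoofed", SPOOFED), ("genuine", GENUINE),
                     ("vendor", VENDOR), ("other", OTHER)]:
        print(label, "->", classify(m))
```
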