A new trend in phishing attacks emerged in December 2021, with threat actors abusing the commenting feature of Google Docs to send out emails that appear trustworthy.
Google Docs is used by many employees working or collaborating remotely, so most recipients of these emails are familiar with these notifications.
Since Google itself is being “tricked” into sending out these emails, the chances of email security tools tagging them as potentially risky are practically zero.
The trick has actually been under limited exploitation since October last year, and while Google has attempted to mitigate the issue, they haven’t fully closed the vulnerability yet.
Source: BleepingComputers