Avanan analysts have recently discovered an exploit vector in Google Docs that attackers are using to deliver malicious phishing websites to victims.
This Google Docs page may look familiar to those who share Google Docs outside of their organization. This, however, isn’t that page. It’s a custom HTML page made to look like that familiar Google Docs share page.
The attacker wants the victim to “Click here to download the document” and once the victim clicks on that link, they will be redirected to the actual malicious phishing website where their credentials will be stolen through another webpage made to look like the Google Login portal. As you can see, that is not Google’s website.