A Message from ACC Information Security

Austin Community College District warns employees and students of a new phishing scam targeting Google Docs. 

According to reports, state agencies are seeing a rise in a new type of phishing exploit in Google Docs. The attacks involve the commenting feature on the platform where scammers are sharing infected files or links with end-users. 

Here’s what you should know:

  1. Hackers use a Google account to create a Google Document and then comment on it to mention the target with an @.
  2. The comment includes an infected file. 
  3. The comment triggers a legitimate Google notification that may look similar to this:
  1. The comment on the email can carry malicious links that lead to malware dropping web pages or phishing sites.

As with any email, think before you click. First, always avoid clicking on links that arrive via email and are embedded on comments. Second, confirm that the sender email matches your colleague’s (or claimed person).

If the email is not from someone you typically do business with or looks suspicious, report it as phishing. To report an email as phishing, complete the steps below. 

 On the original email:

  • Select the three dots next to the “reply arrow”
  • Select “report phishing”