{"id":18448,"date":"2022-03-08T04:10:04","date_gmt":"2022-03-08T12:10:04","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/03\/08\/news-12181\/"},"modified":"2022-03-08T04:10:04","modified_gmt":"2022-03-08T12:10:04","slug":"news-12181","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/03\/08\/news-12181\/","title":{"rendered":"Google takes on Docs notification spammers"},"content":{"rendered":"

Credit to Author: Christopher Boyd| Date: Tue, 08 Mar 2022 11:31:05 +0000<\/strong><\/p>\n

Cloud-based document suites have always been a hot target for scammers. When it\u2019s easy to dip in and out for collaboration purposes, or just share things generally, then it’s likely that bad people will want in on the action. <\/p>\n

In 2019, Google calendar users were wading through endless spam invites\/event notifications<\/a> when spammers worked out how to game the system. It was fixable, with the caveat that the fix was a multi-stage process. Quite likely a bit too much work for people who just want to access their calendars without spam, and who can blame them?<\/p>\n

Anyway, these things come around time and time again. When a new feature appears, so too do the spam vultures. Time to cast our minds back to the end of 2020.<\/p>\n

Of comments and exploits<\/h2>\n

The pandemic has helped nudge along additional features into collaboration tools to make remote work more straightforward. One such Google Docs revamp<\/a> is the \u201ctag tool\u201d which fetches lists of recommended people. This operates in a similar way to how when you type in a username on Twitter, it prefills a bunch of suggestions after the \u201c@\u201d.<\/p>\n

So far, so good.<\/p>\n

Around October 2020, spam messages via Google Docs came to light. Specifically: the comments feature. It\u2019s worth noting this behaviour wasn\u2019t just restricted to Docs; other apps like Slides were affected too.<\/p>\n

Spammers figured out they were able to send messages<\/a> via tagging to \u201cnearly any email address\u201d (as per this article<\/a>). Inserting a tag would generate and send mail to the tagged individual\u2019s mailbox, with the mail appearing to have come from Google. While we can question if that alone is enough to add the legitimacy sheen required, at the baseline it\u2019s sailing past spam filters and related precautions.<\/p>\n

The messages included everything from \u201cinappropriate PDFs\u201d and fake financial transaction links to more general bogus notifications and supposed financial compensation. <\/p>\n

Filtering out the rogues<\/h2>\n

As with the workaround for calendar spam, the process to block the mails required setting up custom filters, although I suspect a lot of regular Google users didn\u2019t bother with figuring out the mechanics of such a procedure.<\/p>\n

As mentioned, one really big problem with this spam technique was the absence of additional sender information. Good news: Google has now addressed this<\/a>. Notifications will now also show the commenter\u2019s email address, in order to allow recipients to be sure about who it came from. <\/p>\n

The change is scheduled to take place over a 15-day period, and as this rollout started on March 3rd, you may well already have the new functionality. According to the Times of India, this will also be a default option. No digging around for obscure options or menus, which is always appreciated.<\/p>\n

If you\u2019ve been weathering the storm of spam missives via Google apps over the last few weeks or even longer, then help is now officially on the way. Let\u2019s hope we can all get back to being productive without the risk of bogus messages as soon as possible.<\/p>\n

The post Google takes on Docs notification spammers<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Christopher Boyd| Date: Tue, 08 Mar 2022 11:31:05 +0000<\/strong><\/p>\n

We look at some fixes Google is releasing to combat a wave of spam made via notifications in Google Docs and other apps.<\/p>\n

The post Google takes on Docs notification spammers<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[25259,25260,1670,16802,5897,25261,10518,10595],"class_list":["post-18448","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-docs","tag-documents","tag-google","tag-mail","tag-privacy","tag-slides","tag-spam","tag-spammers"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18448","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18448"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18448\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=18448"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=18448"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18448"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}