New phishing campaign uses Google Docs to send malicious links that appear legitimate but steal victims credentials. Attackers can bypass link scanners and evade detection from common security protections that aim to verify that links sent via email are legitimate. Previously, attackers have used the attack vector in smaller services such as MailGun, FlipSnack, and Movable Ink, according to Avanan researchers. The trick to creating the attack is that the heavy lifting of the campaign is done by Google s hosted document service.
Source: https://threatpost.com/google-docs-host-attack/166998/