Today I found out that google docs infects html exports with spyware, no scripts, but links in your document are replaced with invisible google tracking redirects. I was using their software because a friend wanted me to work with him on a google doc, he is a pretty big fan of their software, but we were both somehow absolutely shocked that they would go that far.
Title says it all. Somewhat interesting if true. I wouldn't be surprised either way.
HTML exports are not plain text, they include images, graphs, formatting, tables, links, etc. Google docs is a HTML based editor, so its HTML exports look particularly similar to the original editable doc, which users are used to. Other editors have different looks, and their HTML exports look differently.
Just like scam victims are "dumb", many scammers are also "dumb", they barely grasp the technical part of what they're doing, some just follow a script, but most importantly their focus is on social engineering, not on the tech.
How it works is: a "dumb" scammer writes a Google doc with some links to some scam landing page, gets a HTML export, and hosts it on gōogle.com; a "dumb" victim comes by, thinks "oh, this looks similar to the TPS report from last month", clicks on a link, and proceeds to fill in their company's banking information… ✨ well, not anymore! Because Google has replaced the actual link with a redirect in the HTML export that they scan and block when reported to be used by scammers. 🎉
Silly measures against silly scammers of silly victims. 🤷
Let's see…
HTML exports are not plain text, they include images, graphs, formatting, tables, links, etc. Google docs is a HTML based editor, so its HTML exports look particularly similar to the original editable doc, which users are used to. Other editors have different looks, and their HTML exports look differently.
Just like scam victims are "dumb", many scammers are also "dumb", they barely grasp the technical part of what they're doing, some just follow a script, but most importantly their focus is on social engineering, not on the tech.
How it works is: a "dumb" scammer writes a Google doc with some links to some scam landing page, gets a HTML export, and hosts it on gōogle.com; a "dumb" victim comes by, thinks "oh, this looks similar to the TPS report from last month", clicks on a link, and proceeds to fill in their company's banking information… ✨ well, not anymore! Because Google has replaced the actual link with a redirect in the HTML export that they scan and block when reported to be used by scammers. 🎉
Silly measures against silly scammers of silly victims. 🤷