Google Docs Comment Scam

Cybercriminals are adding enabled phishing links in Google Doc comments.

Google Docs make it easy for coworkers, students, family, and friends to share and create documents amongst users. Since this is a very popular service, cybercriminals have taken it into their own hands and add phishing links where they see fit. A cool feature on Google Docs is that each user can share comments. In the latest scam, cybercriminals are taking advantage of adding phishing links in the comment section.

Cybercriminal are using real Google accounts and creating a document. They then tag you in a comment which then will automate to an email from Google in your inbox notifying you of a tag in a comment. Cybercriminals are tricky and will make this comment look like it comes from someone you trust. This comment will also include an embedded link, that once clicked, will install malware on your device.


  • Never open documents or attachments that you weren’t expecting. If you receive a document that you weren’t expecting, make sure to verify that this is real. You can contact the sender by not replying to the email or contacting them with any info within the email but by using your own directory and files.
  • Always be cautious of links. An easy way to check where the link is going is by hovering over the link. Make sure to check the commenter's email address as well. If either of these looks suspicious then do not click on the link.
  • Be wary of grammatical errors. Most cybercriminals will have weird phrases and grammatical errors in their comments.

Learn more tips like this and train your employees with our Security Awareness Training Program.