Google Docs phishing scam explained

By Digit NewsDesk | Updated 13 Jun 2017

A widespread phishing scam hit Google Docs users yesterday, making their Gmail accounts and contact lists vulnerable to hackers. A phishing attack usually involves attackers trying to obtain personal information from users through deceptive emails disguised as important messages, tricking unsuspecting users into freely disclosing that information. However, this is not what happened with the Google Docs phishing scam.

The attackers used a more sophisticated approach, creating a non-Google web app that they cleverly named "Google Docs". They then sent out emails to Gmail users asking them to edit a document on Google Docs; the emails appeared to have been sent by a known contact. Those who clicked on the Google Docs phishing link were redirected to a real Google sign-in screen and asked to “continue to Docs.” This fooled users into granting access and permissions to the malicious Google Docs web app. Below is a snapshot of the permission screen:

If you read it carefully, you will notice that Google does not usually ask users for such permissions. If you received such an email yesterday, you had better change all your passwords immediately and warn the people in your contacts list. The attackers apparently send similar spam emails to the contacts of users who clicked on the phishing link. Here are some reactions to the attack on Twitter:

The problem that hackers were able to exploit here is that Google allowed them to create a third-party web app named ‘Google Docs’, and also let them work within Google’s system. Here’s what happens when you check the app title for its developer information:

Users who suspect they have been hacked can go to Google’s Connected Apps and Sites page and revoke the permissions granted to the malicious app.
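For administrators reviewing many accounts at once, the same check can be scripted. The following is an added example, not part of the original article or any Google tool: it flags third-party apps whose display name borrows a protected brand name and marks those holding mail or contacts access for revocation. The record field names, client IDs and the first-party allowlist are hypothetical and constructed for illustration.

```python
import unicodedata

# Assumption: brand terms to protect in third-party app display names.
PROTECTED_TERMS = ("google", "gmail")
# Google OAuth scopes covering the data the article says was exposed.
SENSITIVE_SCOPES = {
    "https://mail.google.com/",                  # full Gmail access
    "https://www.googleapis.com/auth/contacts",  # contacts read/write
}
ZERO_WIDTH = {"\u200b", "\u200c", "\u200d", "\ufeff"}

def normalize(name):
    """Fold case, compatibility forms and invisible characters so that
    look-alike spellings of a brand compare equal to the plain one."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(c for c in folded if c not in ZERO_WIDTH and not c.isspace())

def audit_grants(grants, first_party_ids):
    """Return findings for apps that use a protected name without being
    on the first-party allowlist."""
    findings = []
    for g in grants:
        if g["client_id"] in first_party_ids:
            continue  # genuinely first-party app
        if not any(t in normalize(g["display_name"]) for t in PROTECTED_TERMS):
            continue  # name does not borrow a protected brand
        risky = sorted(SENSITIVE_SCOPES & set(g["scopes"]))
        findings.append({"user": g["user"], "client_id": g["client_id"],
                         "display_name": g["display_name"],
                         "sensitive_scopes": risky,
                         "action": "revoke" if risky else "review"})
    # Grants holding mail or contacts access come first.
    return sorted(findings, key=lambda f: f["action"] != "revoke")

# Constructed sample grants (hypothetical field names and client IDs).
SAMPLE_GRANTS = [
    {"user": "alice@example.com", "display_name": "Google Docs",
     "client_id": "placeholder-third-party.example",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts"]},
    {"user": "bob@example.com", "display_name": "Google Docs",
     "client_id": "placeholder-first-party.example", "scopes": []},
    {"user": "carol@example.com", "display_name": "\uff27oogle\u200b Drive Helper",
     "client_id": "placeholder-other.example", "scopes": ["openid"]},
    {"user": "dave@example.com", "display_name": "Calendar Sync",
     "client_id": "placeholder-cal.example",
     "scopes": ["https://www.googleapis.com/auth/contacts"]},
]
FIRST_PARTY = {"placeholder-first-party.example"}  # assumed allowlist

if __name__ == "__main__":
    for f in audit_grants(SAMPLE_GRANTS, FIRST_PARTY):
        print(f["action"], f["user"], f["display_name"], f["sensitive_scopes"])
```

The display name alone cannot separate the first two sample records; only the client identifier does, which is the same distinction the developer information check above relies on.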

What does Google have to say about all this? Well, the good news is that the company has managed to fix the issue. In a statement to The Verge, Google said, “We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.” The company also tweeted out the following message:

We still don’t have any information on how many Gmail accounts were compromised in this phishing scam, although multiple reports indicate this was a “massive” and “large” attack.
