Google Docs Phishing Attack Targets You From Familiar Accounts
Get an email from a friend or co-worker asking you to open a Google Doc? Don’t open it. It’s a very clever phishing scheme.
Today, the internet erupted with claims of strange invites being sent through Gmail for users to open and check out a new Google Document. Where most email schemes are fairly easy to spot from the get-go due to their irregular use of grammar or strange email addresses, this phishing scam was coming from inside the house.
It’s not clear where the issue started, but the attack authorizes Google Docs to see your contacts, who then in turn receive emails from you, kicking the cycle off anew for another set of recipients. One user documented the whole process just so you can see how clever the attack was and how to spot the potential warning signs.
— Zach Latta (@zachlatta) May 3, 2017
Given that this scheme uses an app with a misleading name within Google’s own ecosystem, and isn’t just an easy-to-spot email scheme like so many foreign princes have attempted before, it’s best to just delete any invite to a Google Doc you get until the problem has been solved. For what it’s worth, Google is looking into a solution on its end, but there’s no telling how long that might take.
We are investigating a phishing email that appears as Google Docs. We encourage you to not click through & report as phishing within Gmail.
— Google Docs (@googledocs) May 3, 2017
If you happen to have been tricked into the phishing scam, you can turn off the permissions you accidentally gave away through the Connected Apps portion of Google Security. Unfortunately, the hackers will still have access to the information you granted before you shut them out.
With that in mind, if you haven’t at this point in your internet-connected life set up two-factor authentication on just about anything and everything that offers it, today is the day. Sadly, if you use Gmail as your address for such verifications already, you may need to reassess that authentication process everywhere anyway. This is just a good day to go ahead and make sure you’ve got everything secured, especially if those things are tied to Google.
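For anyone reviewing which apps a set of accounts has authorized, the warning sign described above (an app with a Google product name that holds contact or mail permissions) can be checked mechanically. The following is an added example, not part of the original article: the grant record fields (`user`, `app_name`, `client_id`, `scopes`), the trusted client ID list and all sample records are constructed assumptions.

```python
import unicodedata

# Product names an impersonating app might borrow (assumed list for this example).
PROTECTED_NAMES = {"google docs", "google drive", "gmail"}

# OAuth scopes that let an app read contacts or act on the user's mail.
SENSITIVE_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/contacts",
    "https://www.googleapis.com/auth/contacts.readonly",
}

def normalize(name):
    """Fold case, Unicode compatibility forms and spacing before comparing.
    NFKC catches fullwidth letters; it does not catch cross-script lookalikes."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())

def suspicious_grants(grants, trusted_client_ids):
    """Return grants whose app uses a protected name without a trusted
    client ID, with the sensitive scopes each one holds."""
    findings = []
    for g in grants:
        if g["client_id"] in trusted_client_ids:
            continue  # the genuine app, identified by ID rather than by name
        if normalize(g["app_name"]) not in PROTECTED_NAMES:
            continue
        risky = sorted(SENSITIVE_SCOPES.intersection(g["scopes"]))
        findings.append({"user": g["user"], "client_id": g["client_id"],
                         "sensitive_scopes": risky})
    return findings

# Constructed sample data; users and client IDs are placeholders.
TRUSTED = {"first-party-docs.example"}
SAMPLE_GRANTS = [
    {"user": "alice@example.com", "app_name": "Google Docs",
     "client_id": "first-party-docs.example",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"user": "bob@example.com", "app_name": "Google Docs",
     "client_id": "unknown-app-1.example",
     "scopes": ["https://www.googleapis.com/auth/contacts", "https://mail.google.com/"]},
    {"user": "carol@example.com", "app_name": "\uff27oogle  DOCS",  # fullwidth G, extra space
     "client_id": "unknown-app-2.example",
     "scopes": ["https://www.googleapis.com/auth/contacts.readonly"]},
    {"user": "dave@example.com", "app_name": "Calendar Helper",
     "client_id": "unknown-app-3.example",
     "scopes": ["https://www.googleapis.com/auth/contacts"]},
]

if __name__ == "__main__":
    for finding in suspicious_grants(SAMPLE_GRANTS, TRUSTED):
        print(finding)
```

Each finding is a grant to revoke and a user whose contacts should be treated as exposed, since revoking access does not recall data the app already read.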