Not even Google Docs is immune from a phishing attack

By on
Not even Google Docs is immune from a phishing attack

A clever phishing scheme used Google’s own login page against users.

If you can’t trust an official Google login page then what can you trust? An innovative phishing scam briefly spread like wildfire this week before being snuffed out by Google – and it was using the company’s own security against unsuspecting users.

Here’s how it worked. It would start with you receiving an unsolicited email from a known contact. It looked like the standard “invitation to view a document” that regular Google Docs users will know very well.

But unlike traditional phishing attacks that try to coax personal details out of you with an official-looking imitation page, this cunning scam took you to a genuine Google login window. Once you signed in, you inadvertently gave access to a malicious third-party app (cunningly named “Google Docs”), allowing it access to your contacts and email, extending the scam go further. The only way to see its scammy nature was to highlight the Google Docs name and see the real email address hiding, as demonstrated in this tweet:

Google quickly became aware of the issue and took steps to close the loophole, writing in a statement on its Product Forums that: “We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We've removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”

Just because the known malicious apps have been closed, doesn’t mean another similar exploit account couldn’t open – so do be vigilant.

If you think you were taken in by the scam, head over to Google’s security page, and remove any connected apps that looks fishy or phishy.

This article originally appeared at alphr.com.

Copyright © Alphr, Dennis Publishing
Tags:

Most Read Articles

You must be a registered member of Business IT to post a comment.
| Register

Poll

How long has your business been operating?
Up to 2 years
2-5 years
5-10 years
More than 10 years
What would you like to see more of on BiT?
News
Reviews
Features
How To's
Lollies
Photo Galleries
Videos
Opinion
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?