Google warns of phishing scam that impersonates Google Docs

Share

After a massive Google Docs phishing scam hit users over the web, a relatively lesser known but new iCloud phishing scam is making its way into Apple devices created to steal credit card data as well as access the device's camera.

"The attack was simple, but sinister", TechCrunch reported.

"It worked so well because it bypassed what people who have a basic knowledge of security know not to do".

Martha Clayton, spokeswoman for the Paso Robles Joint Unified School District, said she received suspicious Google Docs share emails from two teachers. The user is then asked to give "Google Docs" access to any of the existing Google accounts.

"It appeared nearly wormlike in its behavior".

Google includes a warning to users when they receive the email, but some are clicking the link anyway, which is how the link keeps spreading. Possibly millions are receiving them as part of a new scam to collect personal information.

There is a good explanation of the Google attack here. "It was so successful it probably got shut down way quicker than the attacker had hoped".

Discovering who was behind the attacks is hard.

"I received several and I didn't click them, mostly because there were so numerous same thing and also because hhhhhhhhhhhh@mailinator.com seemed pretty sketchy", wrote Cody Stocker '17 in an email to The Daily, referring to the temporary email address listed as one of the recipients in the scam. Apparently many accounts have been compromised and have been sending out links to a shared document. "It allows you to recover access to forgotten passwords, and in some cases, emails have been used for financial fraud", he says. If you think you've clicked on a spam email, you can go to g.co/SecurityCheckup to remove apps you don't recognize and check your Google app permissions.

An email virus disguised as a Google Document hit campus emails Wednesday afternoon.

Anderson said that at least some of the problem lay with Google. The company advises people not to click on the link and report any phishing attempts to the company.

They have also assured the public that they have already disabled the phishing accounts and already removed the fake pages. May 3 that it had "taken action", removing "offending accounts" and "fake pages", and was "working to prevent this type of spoofing from happening again".

In an earlier tweet, Google warned users not to click suspect links.

Security firms are warning that other hackers may conduct similar phishing attacks abusing OAuth, not just through Google, but with Facebook and LinkedIn. That is, asking a logged-in user to grant permission to a malicious app developed by them.

In a statement issued around 7 p.m., Google said it had stopped the attack within about an hour, and that it had affected fewer than one in 1,000 Gmail users.

It appears the attacker made a third-party app called Google Docs and then unleashed it upon the world.

Apparently no one at Google thought to block someone calling their app Google Docs.

Share