Listen closely: if a friend or family member has shared a Google Docs file with you out of the blue today, don’t open it in a hurry. Do anything but click the link in the email forwarded to you, because Google Docs appears to have been targeted by a new, simply designed phishing attack. It spreads through Gmail invitations in which a fake link asks for permission to access your personal information, takes over your account, and then forwards the same phishing email to everyone in your contact list.
This development was first shared on Reddit and has quickly spread to many Gmail users because of how convincing the phishing tactics are. Some of the most eagle-eyed people have fallen for this malicious trick — and you might too, if you aren’t careful — because the attack takes place within Google’s own system. You cannot single out a phishing page, because there isn’t one: you are handing your information to a malicious third-party web app named ‘Google Docs’, paired with the real Google login, and granting it access to your email and contact list.
On clicking the button in the email invitation, you are taken to a genuine Google-hosted page listing all the accounts available to you. Once you have selected the account you want to open the Google Docs file with, you are shown a permission page, and it too is completely genuine. The ‘Google Docs’ app in question, however, was built by a third party, and granting it access by clicking ‘Allow’ could be your biggest mistake today. You will hand over your personal information and the phishing link will spread further like cancer.
The process employed by this intruder is super sneaky: it exploits the ability to create third-party, non-Google web apps, and it has been compromising one Gmail account after another. You can normally detect a phishing attack simply by looking at the page’s URL or its certificate, but here everything happens within Google’s system. You can still tell that this app was created by a third-party developer, and that is how to avoid falling victim to it. Courtesy of The Verge, here are a few screenshots of the attack:
To show you the whole process, Zach Latta of Hack Club has shared a video of it on Twitter.
@zeynep Just got this as well. Super sophisticated. pic.twitter.com/l6c1ljSFIX
— Zach Latta (@zachlatta) May 3, 2017
Google has already acknowledged the issue and taken steps to curb the further spread of this phishing scam. If you have already been affected and spam Google Docs invitation links have been sent to your contacts, you should still take precautionary measures to protect your account from further intrusion. Navigate to the ‘Connected Apps and Sites’ page and revoke access to the third-party app named Google Docs.
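Administrators of a G Suite (now Google Workspace) domain can run the same check for every user by pulling each user's OAuth grants. Here is an added example, not code from the article, of a small Python checker over grant records in the shape of the Admin SDK Directory API tokens.list response; the client IDs, the allowlist and the sample grants are constructed, and the two detection rules (a bare Google product name on a third-party app, or the mail plus contacts scope combination) are assumptions drawn from how the article describes the attack.

```python
import re
from dataclasses import dataclass, field

# Scopes equivalent to what the article says the fake app asked for: mail and contacts.
MAIL_SCOPES = {"https://mail.google.com/", "https://www.googleapis.com/auth/gmail.readonly"}
CONTACT_SCOPES = {"https://www.googleapis.com/auth/contacts",
                  "https://www.googleapis.com/auth/contacts.readonly"}

# A third-party app should never present itself under a bare Google product name.
GOOGLE_PRODUCT_NAME = re.compile(r"^\s*(google\s+)?(docs|drive|gmail|sheets|calendar)\s*$", re.I)

# Hypothetical allowlist of OAuth client IDs your organisation has vetted (constructed value).
TRUSTED_CLIENT_IDS = {"123456789012.apps.googleusercontent.com"}

@dataclass
class Finding:
    client_id: str
    display_text: str
    reasons: list = field(default_factory=list)

def find_suspicious_grants(tokens, trusted=TRUSTED_CLIENT_IDS):
    """Inspect OAuth grants in the shape returned by the Directory API tokens.list call
    (keys: clientId, displayText, scopes) and flag the ones that look like consent
    phishing: a Google-sounding display name and/or the mail + contacts scope combination."""
    findings = []
    for tok in tokens:
        client_id = tok.get("clientId", "")
        if client_id in trusted:
            continue  # vetted app, skip
        name = tok.get("displayText", "")
        scopes = set(tok.get("scopes", []))
        reasons = []
        if GOOGLE_PRODUCT_NAME.match(name):
            reasons.append("display name impersonates a Google product")
        if scopes & MAIL_SCOPES and scopes & CONTACT_SCOPES:
            reasons.append("holds both mail and contacts access, the combination the worm used to spread")
        if reasons:
            findings.append(Finding(client_id, name, reasons))
    return findings

# Constructed sample grants for one user, not real data: the first mimics the attack.
SAMPLE_TOKENS = [
    {"clientId": "987654321098-abc.apps.googleusercontent.com", "displayText": "Google Docs",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
    {"clientId": "123456789012.apps.googleusercontent.com", "displayText": "Expense Tracker",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
    {"clientId": "555555555555-xyz.apps.googleusercontent.com", "displayText": "Meeting Notes",
     "scopes": ["https://www.googleapis.com/auth/calendar"]},
]

if __name__ == "__main__":
    for f in find_suspicious_grants(SAMPLE_TOKENS):
        # Each hit is a candidate for tokens.delete(userKey, clientId) in the Directory API.
        print(f.display_text, f.client_id, "; ".join(f.reasons))
```

Each finding names the clientId to pass to the Directory API tokens.delete call, which is the administrative equivalent of the user clicking revoke on the Connected Apps and Sites page.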
Google Docs has released an official statement through a series of tweets, as seen below:
(1 of 3) Official Google Statement on Phishing Email: We have taken action to protect users against an email impersonating Google Docs…
— Google Docs (@googledocs) May 3, 2017
(2 of 3) & have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team…
— Google Docs (@googledocs) May 3, 2017
(3 of 3) is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.
— Google Docs (@googledocs) May 3, 2017
Here’s a combined transcript of the complete statement:
We have taken action to protect users against an email impersonating Google Docs & have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.