Immense Phishing Campaign Poses as Google Docs

Google Docs

An enormous phishing campaign that uses Google Doc links to trick users has been detected. All over social media reports have surfaced of users receiving emails with links that appear to directed towards a Google Docs file. Once infected, your email and contacts will be hijacked and used to forward phishing emails to the contacts in the account. Users should be wary of opening email links directing you to a file in Google Docs, even if it is a person one knows.

The way this particular scheme works is by sending an email to a user containing a like directing one to a google doc file. Once you click the file, the user will be redirected to a legitimate Google domain. In this domain, you will be requested to grant permission to access your emails and contact list to a third-party app named “Google Docs.” This will cause your account to be hijacked and used to forward more phishing links across your contact list.

Third Party app poses as Google Docs tricking users into granting email permissions. Source: https://www.theverge.com/2017/5/3/15534768/google-docs-phishing-attack-share-this-document-with-you-spam

Third Party app poses as Google Docs tricking users into granting email permissions. Source: https://www.theverge.com/2017/5/3/15534768/google-docs-phishing-attack-share-this-document-with-you-spam

In the case that you have already granted the third party “Google Docs” the requested permission, there is an easy way to revoke them. Log in to your Google account and head to the Connected Apps and Sites page. Locate the “Google Docs” app and revoke the given permissions.

This phishing activity is pretty creative in the fact that it tricks the user into believing that one is giving permission to a Google application to interact with their Google service. However, Google Docs does not require approval because it is already part of the Google’s ecosystem. The only time when an app requires access to anything in the Google environment is if it’s a third party application.

As of May third, Google released a statement announcing that they have taken down the malicious app and restored everything to normal.

We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts,” the company said in a statement. “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.

Leave a Reply

Your email address will not be published. Required fields are marked *