Google Docs users affected with sophisticated phishing attacks

Google doc scam

A Google Docs scam that is spreading like wildfire began entering the users’ inboxes in the disguise of a sophisticated phishing or malware attack. The misleading invitation to edit a Google Doc – one of the popular apps used for writing or sharing files appears with a subject line stating the name of the sender who “has shared a document on Google Docs with you”. Once the victims click on the “Open in Docs” tab, it takes them to a Google sign-in screen that asks to “continue with Google Docs”. Once clicked, it gives access to a fake third-party app to get email contacts that could allow the spam to spread to additional contacts.

Google has issued a warning and informed about their investigation. It encouraged all its users to report any similar activities with Gmail. Initially, Google didn’t respond to few requests for comment on such suspicious activities, though later on once they confirmed its origin, the spokesperson that they have taken action to protect the users from such fake pages and pushed our updates through safe browsing. A special team is working on this to prevent such spoofs.

From the account of few victims, it is seen that they get e-mails associated with law enforcement or any other official information/ announcement addressed to xyz@abc.com and blindly copied to the victims. These phishing emails typically appear to be real and ask for sensitive information such as usernames, passwords, financial details etc. Google says it does not send out emails asking for this type of data and encourages users not to click on any links and to report suspicious messages.

The sophisticated Google docs spam seems to be more advanced than standard email phishing scams, because it doesn’t take users to a fake Google page for collecting passwords. Instead, it works within Google’s system with a third-party web app that has a deceptive name.

If the victims have given any permission through the phishing emails, then they can revoke the app by simply going through the settings. Since the scam has already affected 0.1% of Gmail users, thus Google has taken security measures on Gmail Apps for Windows, iOS and Android. For such phishing emails, Google is showing warning signal that reads, “The site you are trying to visit has been identified as a forgery, intended to trick you into disclosing financial, personal or other sensitive information.” In case of chrome users, it warns them similarly and offers option for ‘incorrect warning’ too.

This entry was posted in eScan 11, eScan 14, MailScan, Security and tagged , , , , , , . Bookmark the permalink.