If you get a Google Doc link in your inbox today, scrutinize it carefully before you click—even if it looks like it comes from someone you trust. A nasty phishing scam that impersonates a Google Docs request has swept the internet today, including a decent chunk of media companies. You’ve heard “think before you click” a million times, but it really could save you from a whole lot of hassle.
Google has taken steps to neutralize this particular phish. The company said in a statement that it has “disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.” But when it comes to phishing defense there’s always an element of cat and mouse. Large-scale phishing attacks and those impersonating popular services like Google log-in pages regularly stalk the internet.
Rather than harvesting your password on a fake login page, the attack works by sending you to your real Google account, then having you approve a prompt that grants a third-party app (the attacker's) access to your account's data. Having gained permission to read your contacts, the attacker then fires off the same bogus invitation to everyone in your address book, which is what let it spread so fast.
What makes this attack so hard to spot is that it abuses Google's legitimate mechanism (OAuth) for letting third-party apps access your data with your consent. Since the bogus invitation and the permission prompt are routed through Google's real system, nothing is misspelled, the URLs and icons are genuine, and it's hard to know something's gone wrong until it's too late. The one tell is on the consent screen itself: a real Google service never needs to ask you for permission to read your Gmail and contacts, so a "Google Docs" that does is a third-party app wearing Google's name.
Google said Wednesday that it is working to ensure this type of “spoofing” doesn’t happen again.
“We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts,” the company said in a statement.
Staff at The Washington Post, students at New York University and even workers at the US Agency for International Development have received warnings from IT administrators not to open the emails. Here is one such notice, obtained by The Post.
Here’s one clue for identifying the fraudulent email: Included on the string of recipients is an email address that begins “hhhhhhhhhhhhhh” and ends in “mailinator.com,” a website that lets visitors obtain a temporary and disposable email address.
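As an added illustration (not code from the article, from Google, or from any of the cited outlets), here is a small Python triage script that applies the two checks described above to a constructed copy of the phishing email: it flags recipients hosted at a disposable-mailbox domain such as mailinator.com, and it parses the OAuth authorization link to show which scopes the third-party app asks for and where the authorization is sent back to. The sample message, the client_id, the redirect host docscloud.example and the scope list are all constructed; the app name "Google Docs" is passed in by hand because it is shown on the consent screen, not carried in the URL.

```python
"""Triage helper for OAuth consent phishing of the 2017 "Google Docs" kind.

Added example; not code from the article or from Google. The sample message
and every parameter value in it are constructed for illustration only.
"""
import re
from email import message_from_string
from email.utils import getaddresses
from urllib.parse import parse_qs, urlparse

# Disposable-mailbox domains; mailinator.com is the one the article names.
DISPOSABLE_DOMAINS = {"mailinator.com"}

# Scopes that hand a third party the data this worm abused (mail + contacts).
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/contacts",
    "https://www.googleapis.com/auth/contacts.readonly",
}

# Product names a third-party app has no business using on a consent screen.
IMPERSONATED_NAMES = {"google docs", "google drive", "google"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample: the disposable address sits in To:, the victim in Bcc:.
SAMPLE_EMAIL = """\
From: Jane Colleague <jane@example.org>
To: hhhhhhhhhhhhhhhh@mailinator.com
Bcc: you@example.org
Subject: Jane Colleague has shared a document on Google Docs with you
Content-Type: text/plain

Jane has invited you to view the following document:
https://accounts.google.com/o/oauth2/auth?client_id=123456789-constructed.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Fdocscloud.example%2Fcallback&response_type=code&scope=https%3A%2F%2Fmail.google.com%2F%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcontacts
"""


def disposable_recipients(msg):
    """Return recipient addresses hosted at a disposable-mailbox domain."""
    hits = []
    for _, addr in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", [])):
        domain = addr.rpartition("@")[2].lower()
        if domain in DISPOSABLE_DOMAINS:
            hits.append(addr)
    return hits


def oauth_consent_findings(url, app_name=None):
    """Inspect a Google OAuth authorization URL and list its risky properties.

    app_name is whatever the consent screen displays; it is not in the URL.
    """
    findings = []
    u = urlparse(url)
    if not (u.netloc == "accounts.google.com" and u.path.startswith("/o/oauth2/")):
        return findings  # not a consent request; nothing to say about it
    q = parse_qs(u.query)
    scopes = set(" ".join(q.get("scope", [])).split())
    risky = sorted(scopes & HIGH_RISK_SCOPES)
    if risky:
        findings.append("requests high-risk scopes: " + ", ".join(risky))
    for r in q.get("redirect_uri", []):
        host = urlparse(r).hostname or ""
        if not (host == "google.com" or host.endswith(".google.com")):
            # Normal for any third-party app, but it proves this is not Google.
            findings.append("consent is delivered to third-party host: " + host)
    if app_name and app_name.strip().lower() in IMPERSONATED_NAMES:
        findings.append("third-party app uses a Google product name: " + app_name)
    return findings


def triage(raw_email, app_name=None):
    """Run both checks over a raw RFC 822 message and return a report dict."""
    msg = message_from_string(raw_email)
    body = "" if msg.is_multipart() else msg.get_payload(decode=True).decode()
    report = {"disposable_recipients": disposable_recipients(msg), "oauth": {}}
    for url in URL_RE.findall(body):
        found = oauth_consent_findings(url, app_name)
        if found:
            report["oauth"][url] = found
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EMAIL, app_name="Google Docs").items():
        print(key, value)
```

Run it against a saved copy of a suspicious invitation (`msg = open("invite.eml").read()`), passing the name shown on the consent page as `app_name`; a high-risk scope request from a non-Google redirect host under a Google product name is the combination this worm relied on.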
So, until you hear otherwise, it's best not to open any Google Docs invitation you weren't expecting, even one that appears to come from a colleague. If you have already clicked the link in the malicious email and approved the prompt, note that changing your password does not undo the grant; you need to revoke the attacker's access by visiting …
… and deleting the "Google Docs" app, which is the one pretending to be legitimate.
© 2017 The Washington Post
Source: Wired, NDTV