May 4, 2017 by

Google Docs Users Hit with Massive Phishing Attack

On Wednesday morning (PST), users of the popular Google Docs software suite were targeted in a comprehensive phishing campaign that allowed attackers to obtain victims’ contact lists while accessing their Gmail accounts to spread spam.

The sweeping phishing campaign saw people across a number of industries who received emails containing a Google Doc link that purported to come from a contact they know. The fake link, as a part of the phishing campaign, was devised to compromise users’ Google accounts.

Those who fell for the fake link saw a bogus screen styled to look like a Google sign-in page. In the next page, the app seeking permission presents itself as “Google Docs’. AS in, ‘Google Docs would like to read, send, delete and manage your email & Manage your contacts’. A number of journalists have revealed that they received the spam emails.

The phishing campaign even bypasses two-factor authentication (2FA) since the victim willingly and unknowingly gives permission to the app.

If allowed, the attacker behind the phishing campaign gains control of the victim’s email account. At this point, the perpetrator proceeded to spam-blast emails to everyone on the victim’s contact list.

To its credit, Google proceeded to act swiftly and claimed that it had stopped the phishing campaign “within an hour”.

A statement from Google read:

We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”

With a second update, Google revealed that the phishing campaign had affected fewer than 0.1% of Gmail users. The internet giant removed the fake pages and applications and pushed security updates through Gmail, Safe Browsing and other anti-abuse systems.

“While contact information was accessed and used by the campaign, our investigations show that no other data was exposed,” Google added.

Users who want to review the security of their Google account are advised to visit Google Security Checkup.

Image credit: Pexels.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Google Research: Phishing Poses the Greatest Cybersecurity Threat

A new study by Google has revealed insights to better explain how emails and other accounts are...

Read more arrow_forward

Google Plans 2FA Upgrade with Hardware Replacements

Google is reportedly close to rolling out a new hardware-based replacement solution as an upgrade...

Read more arrow_forward

Hackers Find a New Way to Attack Nuclear Plants: Template Injection

Hackers have leveraged phishing, a long successful method to execute cyberattacks, with a template...

Read more arrow_forward