Gmail Hit With Google Docs Phishing Emails

Topic

New Reply

Fake Google Docs phishing deluge hits Gmail
The spam email appears as a contact sharing a Google Doc, so do not open it.

By Asha McLean | May 3, 2017

 
A new phishing attack has appeared in inboxes around the world that masquerades as an email contact sharing a Google Doc.

The emails appear to originate from a legitimate account, with the email addressed to

hhhhhhhhhhhhhhhhh@mailinator.com

…

However, the app called “Google Docs,” which requests permission to read, send, and delete emails, is not a real Google app.

Clicking the link authorises the attack, and a user’s account will then be hijacked and used as an infection vector, repeating the same behaviour to every contact a user has ever emailed.

It also bypasses 2 factor authentication, as well as login alerts.

Users that have clicked “allow” have fallen victim to the campaign.

If the scam has made its way into a user’s Gmail account, it can be deleted by removing the false “Google Docs” app via Google’s Security Checkup page. The search engine giant has asked customers to remove any apps they do not recognise.

In a statement, Google said it has taken action to protect users against the email impersonating Google Docs and has also disabled offending accounts…
“We encourage users to report phishing emails in Gmail.”

 
Read the full article here

1 user thanked author for this post.

ch100

Reply | Quote

Replies

alienvault.com say this worm “ is one of the most well-crafted phishing attempts in the last year”, in an article they published on May 5, 2017.

“Luckily, Google reacted to this quickly, and the malicious applications were shut down in about an hour after the start of the campaign. Cloudflare, which the attackers used in front of the malicious infrastructure, took down that part of the attack infrastructure quickly, too.
… this is not the first time this technique was used. Multiple actors have been using it for years to circumvent two-factor authentication.”

 
Read the full article here

Reply | Quote

Google Docs Phishing Campaign
https://www.us-cert.gov/ncas/current-activity/2017/05/04/Google-Docs-Phishing-Campaign

Original release date: May 04, 2017

 
US-CERT is aware of a phishing campaign that affected Google Docs users. The campaign used spoofed email addresses to target users with emails purporting to share a document for collaboration. Once the targeted users accepted invitations, they were encouraged to allow the phishing program access to their email accounts. Google has taken action to protect users, including removing the fake Google Docs pages and disabling the offending accounts.

US-CERT reminds users that they play a critical role in protecting their organizations and themselves from cyber threats. Users should:

Be careful when clicking directly on links in emails, even if the sender appears to be known; attempt to verify web addresses independently (e.g., contact your organization’s helpdesk or search the Internet for the main website of the organization or topic mentioned in the email).
Exercise caution when opening email attachments. Be particularly wary of compressed or ZIP file attachments.
Immediately report any suspicious emails to your information technology (IT) helpdesk, security office, or email provider.

Users of Google Docs are encouraged to review Google’s statement and US-CERT’s Tip on Avoiding Social Engineering and Phishing Attacks for more information. You can report any suspected phishing emails to the anti-phishing group APWG.

1 user thanked author for this post.

ch100

Reply | Quote

According to theregister.co.uk:

World was warned FIVE years ago about flaw exploited in Google Docs phishing phrenzy
Ad giant even paid a developer a bounty for spotting it

Read their article here

Reply | Quote