Another phishing, or possibly malware, attack was discovered this Wednesday when the inboxes of many Google Docs users started receiving scam emails.
Each user received an email inviting them to edit a Google Doc (Google Docs being the widely used document-editing app). If the user clicks the ‘Open in Docs’ option, they are taken to the real Google sign-in screen. A further option then appears – ‘continue in Google Docs’. Clicking it grants a third-party app permission to access the victim’s email, including their contacts; those contacts then receive the same email, and the process repeats.
Google has acknowledged that it is aware of the problem and is investigating it. It has asked users who receive such an email to report it.
— Gmail (@gmail) May 3, 2017
A Google spokesperson stated: “We have taken action to protect users against an email impersonating Google Docs and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.”
For now, it is unknown how many users were affected or where the attacks originated. Google has yet to comment on these questions or provide more information.
Many journalists have received these emails as well; one of them originated from a maryland.gov account associated with law enforcement. Apparently, it was addressed to “firstname.lastname@example.org”.
Phishing (or malware) Google Doc links that appear to come from people you may know are going around. DELETE THE EMAIL. DON'T CLICK. pic.twitter.com/fSZcS7ljhu
— Zeynep Tufekci (@zeynep) May 3, 2017
Phishing attacks seen so far have involved some kind of scam built on ads, emails or websites that appear legitimate and claim to represent a trustworthy agency or similar organization. They give the victim a link to a website that looks real but is in fact a copy of the site of the agency or organization the attackers claim to be from. The victim is then asked for information such as usernames, passwords, birthdays, bank account details or social security numbers; anything provided is collected by the attacker and later used against the victim.
Google has stated that it does not ask for such information, especially not by email, so would-be victims should not provide any; instead, they should report the emails as phishing attacks.
However, Wednesday’s attack appears to be an evolved version: it did not ask for any information at all, but instead used an unknown app to harvest the data it needed. If permission to access the email account has already been granted, the app’s access can apparently be revoked in the user’s account settings.
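The mechanism described above (a third-party app named after a Google product being granted access to a victim's mail and contacts) suggests a simple defensive audit of the apps a user has authorized. The following is an added example, not code from the article or from Google: it runs over constructed grant records in an assumed shape (the field names, the short scope names such as mail.read and contacts.read, and the trusted-publisher list are all assumptions) and flags for revocation any app whose name impersonates a first-party product while also holding a scope that can read mail or contacts.

```python
"""
Added example (not from the article or from Google): a defensive audit of
third-party app authorizations, modelled on the attack described above,
where an app calling itself "Google Docs" was granted access to a victim's
mail and contacts. The grant records are CONSTRUCTED sample data in an
assumed shape; a real export of authorized apps will look different.
"""
from dataclasses import dataclass, field

# First-party product names that a third-party app has no business using.
IMPERSONATED_NAMES = {"google docs", "google drive", "gmail", "google"}

# Hypothetical short scope names that let an app read mail or contacts,
# which is what the worm needed to find its next batch of victims.
SENSITIVE_SCOPES = {"mail.read", "mail.send", "contacts.read"}

# Publisher domains the account owner actually trusts (assumption).
TRUSTED_PUBLISHERS = {"google.com"}


@dataclass
class AppGrant:
    app_name: str
    publisher_domain: str   # domain of the developer who registered the app
    scopes: set
    granted_at: str


@dataclass
class Finding:
    app_name: str
    reasons: list = field(default_factory=list)

    @property
    def revoke(self) -> bool:
        # Recommend revocation only when the app impersonates a first-party
        # product AND holds a scope that can read mail or contacts; a broad
        # scope on an honestly named app is left for the user to judge.
        return "impersonates-first-party" in self.reasons and any(
            r.startswith("sensitive-scope:") for r in self.reasons)


def audit_grant(grant: AppGrant) -> Finding:
    """Inspect one authorization and record why it looks suspicious."""
    finding = Finding(app_name=grant.app_name)
    name = grant.app_name.strip().lower()
    if name in IMPERSONATED_NAMES and grant.publisher_domain not in TRUSTED_PUBLISHERS:
        finding.reasons.append("impersonates-first-party")
    for scope in sorted(grant.scopes & SENSITIVE_SCOPES):
        finding.reasons.append(f"sensitive-scope:{scope}")
    return finding


def grants_to_revoke(grants) -> list:
    """Return the names of apps the audit recommends revoking, in input order."""
    return [f.app_name for f in map(audit_grant, grants) if f.revoke]


# Constructed sample data: a legitimate grant, one mirroring the article's
# description, and an honestly named app that happens to hold a mail scope.
SAMPLE_GRANTS = [
    AppGrant("Calendar Sync", "example-calendar.test", {"calendar.read"}, "2017-04-02"),
    AppGrant("Google Docs", "attacker-owned.test", {"mail.read", "contacts.read"}, "2017-05-03"),
    AppGrant("Mail Backup Tool", "example-backup.test", {"mail.read"}, "2017-01-15"),
]

if __name__ == "__main__":
    for grant in SAMPLE_GRANTS:
        finding = audit_grant(grant)
        print(f"{grant.app_name:18} publisher={grant.publisher_domain:22} "
              f"revoke={finding.revoke} reasons={finding.reasons}")
```

Run as a script, the audit flags only the "Google Docs" grant from the untrusted publisher; the backup tool keeps its mail scope but is not flagged, because the check deliberately keys on the combination of impersonation and data access rather than on broad scopes alone. In practice the grant records would come from the account's authorized-apps listing, which is also where the revocation the article mentions is performed.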