Phishing Attack on Google Docs

Posted on May 16, 2017 by ORC Editor

Phishing Attack on Google Docs

A sophisticated phishing or malware attack at Google Docs users is now widespread: users receive emails inviting them to edit a Google Doc, with a subject line stating a contact “has shared a document on Google Docs with you”. If you click the “Open in Docs” button, you will be taken to a legitimate Google sign-in screen inviting to “continue in Google Docs”. But if you click it, you grant permission to a bogus third-party app with a deceptive name to access contacts and email. As a result, you can find spam spreading to additional contacts.

Google has confirmed that it is aware of the problem and investigating it. Google Docs users were asked to report the email as phishing within Gmail. The company informed them that it has disabled offending accounts, removed the fake pages, and pushed updates through Safe Browsing. However, it is still unclear how many people had been affected and where the attack may have originated.

Phishing scams usually involve emails, advertisements or websites that appear to be real and ask for personal data, like usernames, passwords, SSNs, bank account details or dates of birth. Google informed its users that it never sent out emails asking for this type of information and warned them not to click on any links and to report suspicious messages.

However, this attack seemed to be more advanced than a typical email phishing scam, as it doesn’t simply take users to a bogus Google page to collect passwords. This time, the phishing mechanism is working within Google’s system with a third-party web app. By the way, people who have already granted such permission can go to their settings and revoke the app.


Recent articles

May 17, 2017

International cyber-attack affects South Africa

Could your company be at risk? Late last Friday night the world's biggest cyber attack was launched, affecting 150 countries which included South Africa. Companies have spent the weekend...
ORC Editor
May 17, 2017

Netflix Bans 'rooted' Android devices

Netflix customers who previously viewed the service using a 'rooted' Android device are no longer able to do so, at least officially. The development has been confirmed by Netflix, who say that...
ORC Editor
May 17, 2017

Dating Site Data Breach

The world still remembers the high-profile dating website data breach at Ashley Madison: at the time, the hackers released the personal data of 37m users in order to reveal the dishonesty of the...
ORC Editor
May 16, 2017

Before Starting a Home Business

Before starting your own business from home, you might want to consider asking yourself these questions first. If you don’t take the time to consider these, you may find that you end up doing...
ORC Editor

View all blog entries

-:--:- -:--:--:--:--:-