A Google phishing scam has been spreading like wildfire over the past couple of days. Emails have been sent in the millions inviting people to edit Google Docs files. The emails appear to have been sent by known individuals, increasing the likelihood of the messages being opened and the links being clicked.
In contrast to many email scams that include a link to a spoofed website, this scam directs the recipient to Google Docs. When the user arrives at the site they will be presented with a legitimate Google sign-in screen.
The Google phishing scam works within the Google platform, taking advantage of the fact that individuals can create a third-party app and give it a misleading name. In this case, the app has been named ‘Google Docs.’
This makes it appear that Google Docs is asking for permission to read, send, delete, and manage emails and access the user’s contacts. However, it is the creator of the app that is asking to be granted those permissions. If users check the developer name, they will see that all is not as it seems. Many individuals will not check, since the permission screen also includes Google logos.
Granting the requested permissions gives the attacker access to the user’s Google account, including their emails, Google Docs files, and contact list. Further, once access is granted, the same invitation is sent to everyone in the victim’s contact list. Unsurprisingly, many have fallen for the Google phishing scam and countless emails are still circulating.
The scam appears to have started at some point on Wednesday. Google has now issued an official statement saying it is taking action to protect users and has disabled the accounts that are being used to conduct the scam.
Google confirmed the actions it has taken in response to the phishing scam, saying “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”
Anyone who receives a request to edit a Google Doc should treat the request with suspicion, even if it has been sent from someone known to the recipient.
If you think you may have fallen for this phishing scam it is likely that emails will already have been generated and sent to your contacts. However, you can take action to block the threat by revoking the access rights you have given to the app through the Connected Apps and Sites page.
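The two points the article makes, that a third-party app can carry a Google-like display name while asking for mailbox and contacts permissions, and that the remedy is to revoke the grant, can be turned into a simple triage check. The following is an added example written for this page, not code from Google or from the article's author; the scope URIs, brand-word list, developer addresses and client ids are assumptions or constructed sample values, not identifiers taken from the actual scam.

```python
"""Triage a third-party OAuth consent request the way a cautious user (or an
admin reviewing granted apps) would: does the display name borrow a Google
brand while the developer is not Google, and do the scopes add up to mailbox
control plus contacts, the combination that let the fake 'Google Docs' app
re-send its invitation to every contact?"""
from dataclasses import dataclass

# Google's published OAuth scope URIs. The article names the capabilities
# (read/send/delete/manage mail, access contacts), not the URIs; these are
# assumed to be the scopes that deliver those capabilities.
MAIL_SCOPE = "https://mail.google.com/"                      # full mailbox control
CONTACTS_SCOPE = "https://www.googleapis.com/auth/contacts"  # read/write contacts

HIGH_RISK_SCOPES = {
    MAIL_SCOPE: "full mailbox control",
    CONTACTS_SCOPE: "contact list access",
}

# Brand words a third-party app should not carry in its name unless the
# developer identity shown on the consent screen is Google's own (assumed list).
GOOGLE_BRAND_WORDS = ("google", "gmail", "g suite", "docs", "drive")
GOOGLE_DEVELOPER_DOMAIN = "google.com"


@dataclass
class ConsentRequest:
    app_name: str      # name rendered at the top of the consent screen
    developer: str     # developer contact shown beneath the app name
    client_id: str     # hypothetical OAuth client id, used only as a handle here
    scopes: list[str]  # scope URIs the app asks the user to grant


def developer_domain(developer: str) -> str:
    """Domain part of the developer contact address, lower-cased."""
    return developer.rsplit("@", 1)[-1].strip().lower()


def impersonates_google(req: ConsentRequest) -> bool:
    """True when the display name borrows a Google brand but the developer
    shown on the consent screen does not belong to Google."""
    name = req.app_name.lower()
    dom = developer_domain(req.developer)
    google_dev = dom == GOOGLE_DEVELOPER_DOMAIN or dom.endswith("." + GOOGLE_DEVELOPER_DOMAIN)
    return any(word in name for word in GOOGLE_BRAND_WORDS) and not google_dev


def triage(req: ConsentRequest) -> list[str]:
    """Human-readable findings for one consent request (empty list = nothing notable)."""
    findings = []
    if impersonates_google(req):
        findings.append(f"display name '{req.app_name}' mimics Google but developer is {req.developer}")
    risky = [HIGH_RISK_SCOPES[s] for s in req.scopes if s in HIGH_RISK_SCOPES]
    if risky:
        findings.append("requests " + " and ".join(risky))
    if MAIL_SCOPE in req.scopes and CONTACTS_SCOPE in req.scopes:
        findings.append("mail plus contacts lets the app send the same invitation to every contact")
    return findings


def risk_level(req: ConsentRequest) -> str:
    """'high' when a Google-looking name is paired with high-risk scopes,
    'medium' when only one of the two is present, otherwise 'low'."""
    risky = any(s in HIGH_RISK_SCOPES for s in req.scopes)
    if impersonates_google(req) and risky:
        return "high"
    if impersonates_google(req) or risky:
        return "medium"
    return "low"


def apps_to_revoke(grants: list[ConsentRequest]) -> list[str]:
    """Client ids of already-granted apps to revoke first on the
    Connected Apps and Sites page: the high-risk ones."""
    return [g.client_id for g in grants if risk_level(g) == "high"]


# Constructed sample grants, modelled on the pattern the article describes.
SAMPLE_GRANTS = [
    ConsentRequest("Google Docs", "someone@example.net", "fake-docs-client-id",
                   [MAIL_SCOPE, CONTACTS_SCOPE]),
    ConsentRequest("Thunderbolt Mail", "dev@example.org", "mail-client-id",
                   [MAIL_SCOPE]),
    ConsentRequest("Meeting Notes", "dev@example.org", "notes-client-id",
                   ["https://www.googleapis.com/auth/calendar.readonly"]),
]

if __name__ == "__main__":
    for grant in SAMPLE_GRANTS:
        print(f"{grant.app_name!r} -> {risk_level(grant)}")
        for finding in triage(grant):
            print("   -", finding)
    print("revoke first:", apps_to_revoke(SAMPLE_GRANTS))
```

The check deliberately keys on the developer identity rather than on the Google logos the article mentions, since the logos are what made the screen convincing; a name/developer mismatch is the signal the page says most users never looked at.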
The Google phishing scam is highly convincing and clearly shows how sophisticated cybercriminals are getting in their attempts to gain access to sensitive information and why it is imperative that email users be permanently on their guard.