TitanHQ Blog
Google Docs Phishing Scam - Tricks Users Into Granting Access to a Malicious Third-Party App
Posted by C Henry on Thu, May 4th, 2017
There is a clever phishing scam doing the rounds. The potential victim receives an email that appears to come from one of their contacts and that involves a Mailinator address; Mailinator has stated the address is unrelated to its service.
The email is styled as an ordinary Google Docs sharing invitation and contains an "Open in Docs" button.
Clicking "Open in Docs" sends the victim to Google's real OAuth consent screen for a third-party app that has simply named itself "Google Docs". Anyone who clicks "Allow" grants that app access to their Gmail and contacts, and the app uses that access to read the victim's contact list and send the same invitation to everyone on it, propagating the attack like a worm.
The scam is very believable because every step runs through Google's own infrastructure: the link points at a genuine Google URL, the consent page is Google's, and no password is ever requested. Most phishing attempts work the other way round, luring the victim from an email to a look-alike login page and stealing credentials there; here the attacker never needs the password, and two-factor authentication does not help, because the victim hands over an OAuth token directly.
Google reacted swiftly to the attack by shutting down the rogue app and adding warnings to suspected phishing emails.
What to do:
- Tell your users not to open any Google Docs invitations they received on Wednesday, even from people they know.
- If they suspect their Google account may have been compromised, tell them to go to https://myaccount.google.com/u/0/permissions and review which apps have been authorized. The real Google Docs is a first-party Google product and never appears in this list as a third-party app, so a "Google Docs" entry authorized on Wednesday is the rogue app and must be removed, along with any other app they don't recognize. Removing it revokes the token; it does not undo the invitations already sent from their account, so affected users should warn their contacts.
- Be prepared for further waves of phishing emails: each compromised account mails its whole contact list, so the next messages will arrive from trusted senders.
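For an organization, checking each user's permissions page by hand does not scale. The Google Workspace Admin SDK exposes the same grants per user (Directory API tokens.list), and the triage below, an added example that is not part of the original post or of any Google or TitanHQ code, shows how to decide which grants to pull. It works on records in the shape tokens.list returns (clientId, displayText, scopes) and flags two things: any grant whose display name impersonates Google Docs, and any client outside a hypothetical organizational allowlist that holds both mail and contacts scopes, the combination this worm needed. The client IDs, the allowlist and the sample records are constructed for illustration and are not real.

```python
import re

# Gmail scopes: reading the mailbox and/or sending as the victim.
MAIL_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/gmail.modify",
}

# Contacts scopes: what the worm used to enumerate its next targets.
CONTACT_SCOPES = {
    "https://www.googleapis.com/auth/contacts",
    "https://www.googleapis.com/auth/contacts.readonly",
    "https://www.google.com/m8/feeds",
}

# Hypothetical allowlist of OAuth client IDs the organization has approved to
# hold mail + contacts access (placeholder value, not a real client ID).
APPROVED_CLIENT_IDS = {
    "111111111111-approved-crm.apps.googleusercontent.com",
}

# Google Docs is first party and never shows up as a third-party grant, so a
# grant using that name (any case, any spacing) is an impostor.
IMPERSONATION_PATTERNS = [re.compile(r"^\s*google\s*docs\s*$", re.I)]


def triage_token(token):
    """Return the reasons a grant should be revoked; an empty list means keep it."""
    reasons = []
    name = token.get("displayText", "")
    scopes = set(token.get("scopes", []))
    client_id = token.get("clientId", "")

    if any(p.match(name) for p in IMPERSONATION_PATTERNS):
        reasons.append("display name impersonates a first-party Google product")

    has_mail = bool(scopes & MAIL_SCOPES)
    has_contacts = bool(scopes & CONTACT_SCOPES)
    if has_mail and has_contacts and client_id not in APPROVED_CLIENT_IDS:
        reasons.append("unapproved client holds mail + contacts scopes (worm pattern)")

    return reasons


def grants_to_revoke(tokens):
    """Map clientId -> reasons for every grant in a user's token list that should be pulled."""
    flagged = {}
    for token in tokens:
        reasons = triage_token(token)
        if reasons:
            flagged[token["clientId"]] = reasons
    return flagged


# Constructed sample in the shape of Admin SDK tokens.list "items" (not real data).
SAMPLE_TOKENS = [
    {   # the impostor: Google's name, full mailbox plus contacts
        "clientId": "000000000000-impostor.apps.googleusercontent.com",
        "displayText": "Google Docs",
        "scopes": ["https://mail.google.com/",
                   "https://www.googleapis.com/auth/contacts"],
    },
    {   # an approved CRM integration that legitimately needs both
        "clientId": "111111111111-approved-crm.apps.googleusercontent.com",
        "displayText": "Example CRM",
        "scopes": ["https://www.googleapis.com/auth/gmail.readonly",
                   "https://www.googleapis.com/auth/contacts.readonly"],
    },
    {   # an unrelated app with a harmless scope
        "clientId": "222222222222-calendar.apps.googleusercontent.com",
        "displayText": "Calendar Sync Tool",
        "scopes": ["https://www.googleapis.com/auth/calendar.readonly"],
    },
]

if __name__ == "__main__":
    for client_id, reasons in grants_to_revoke(SAMPLE_TOKENS).items():
        print(client_id)
        for reason in reasons:
            print("  -", reason)
```

In a real sweep the input for each user comes from the Directory API (tokens.list for that userKey) and each flagged clientId is revoked with tokens.delete; the API does not report when a grant was made, which is why the triage keys on name and scopes rather than on the Wednesday date. Tighten the allowlist to your own approved clients before running it against production.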
Google issued a number of statements detailing what happened and how it is protecting users from such abuse, saying that fewer than 0.1% of Gmail users were affected and that the scam was stopped within approximately one hour.
While phishing techniques are getting more sophisticated, there is a lot users and IT teams can do to avoid being phished. IT pros should ensure their organization deploys a capable spam filter that scans inbound and outbound email, supports RBL (real-time blocklist) blocking and pattern filtering; outbound scanning matters here because a compromised account becomes a sender. Spam filters vary in effectiveness and are only part of the solution: an attack like this one links to a legitimate Google domain and steals no password, so user awareness and regular review of authorized third-party apps are needed alongside the filter.
Be on the lookout.