Google Docs Phishing Scam - Tricks User To Give Access To Malicious Third Party App

Home / TitanHQ Blog / Google Docs Phishing Scam - Tricks User To Give Access To Malicious Third Party App

Posted by C Henry on Thu, May 4th, 2017

There’s a clever phishing scam doing the rounds – the potential victim receives an email claiming to be from a Mailinator account, which they dispute is related to their service.

The email reads as follows:

Once clicking "Open in Docs," victims were asked to grant access to their account to a fake Google Docs app, which takes advantage of that access to highjack the victim's contacts list and use it to send out identical phishing emails to replicate the attack.

The sophisticated scam is very believable as it worked through Google's system. Most phishing scams try to steal personal information from victims by leading them to fake versions of real websites from an email.

Google reacted swiftly to the attack by shutting down the rogue app and adding warnings to suspected phishing emails.

What to do:

Tell your users not to click on any Google Docs invitations they received on Wednesday.
If they suspect their Google account may have been compromised: Tell them to go to https://myaccount.google.com/u/0/permissions to check what apps have authorized access. If they see a "Google Docs" app authorized on Wednesday they should remove it as well as any other apps they don't recognize.
Make sure you're prepared for additional phishing emails.

Google issued a number of statements detailing what happened and how it's protecting users from such exploits explaining that fewer than 0.1% of Gmail users were affected. They were also able to stop the scam within approximately one hour.

While phishing techniques are getting more sophisticated, there are lots of things users can do to avoid being phished. IT pros need to ensure their organization deploys a powerful spam filter that scans inbound and outbound email, provides RBL blocking and pattern filtering. Spam filters vary in effectiveness and are only part of the solution to preventing intentionally malicious attacks — especially phishing emails.

Be on the lookout.

Best Firewall Security Zone Segmentation for Optimal Network Security

Geraldine Hunt

Hardware firewalls are the cornerstone of network security for almost all TCP/IP networks. For SMB and enterprise network environments, the network firewall provides the basic defense against attacks.

7 Feb

Beware Valentines Day Phishing Attacks.

C Henry

With Valentine's Day around the corner, cybercriminals are ramping up spam and phishing attacks targeting this lover's holiday.

20 Dec

Christmas Time is Here, and so is Ransomware

Trevagh Stankard

German cybersecurity authority, BSI along with the FBI and Cybersecurity and Infrastructure Security Agency (CISA) have issued warnings to companies to be extra alert over the approaching holiday season for...

Get Your 14 Day Free Trial

Talk to Our Email and DNS Security Team

Call us on USA +1 813 304 2544 or IRL +353 91 545555