A massive phishing campaign is spreading like wildfire

May 3, 2017 21:00 GMT  ·  By

A new massive phishing campaign has been launched, targeting Google accounts. This time around, you should beware of Google Docs links included in the emails you receive. 

Social media is full of people from all over the job spectrum complaining about emails they received containing what appears to be a link to a Google Docs document from someone they know. Instead of that work report they may have expected, the malicious emails are designed to hijack accounts.

How to spot it

The malicious emails have loads of recipients in BCC and they may even come from people you know who have had their accounts compromised. People on social media are complaining about getting the links from their friends.

Once you tap that Google Docs button, the login screen takes you to a genuine Google domain. That domain, however, asks for you to grant access to an app called Google Docs that's not actually the real app we all know and use, which doesn't require any such permissions since it's already part of the Google universe.

How to fix it

In case you've fallen victim to the same scheme, you should go to your Google account page. There, go visit the Permissions page, where you can manage what apps have access to your data. Find "Google Docs" and remove authorization. While it may seem legitimate, it's not and it can damage your account. If the malicious app got access to your account after clicking the link, there should be a recent authorization time, so you'll know which one to remove.

If you've received such an email, don't click the link. If you're at work, contact your IT department or whomever handles digital security.

Google seems to have already started blocking this particular campaign as such emails are no longer getting delivered, even if you forward the infected email from one of your accounts to another. It doesn't mean that you may not end up with it in your inbox or that it's not there already. Therefore, pay attention and stay safe!

Update:

Google has confirmed that it has dealt with the issue. "We have taken action to protect users against an email impersonating GoogleDocs, and have disabled offending accounts. We've removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again," Google wrote in an announcement.

Update 2:

"Even the most trusted source for digital assets (document repositories, photo buckets and shares) can be spoofed and used against you and your loved ones. Granting access to your data should always be a proactive process that you are performing. Responding to emails, pop-ups and other digital forms to grant access is an extremely risky thing to do," said Fleming Shi, SVP, Advanced Technology Engineering at Barracuda Networks.