Google Docs Phishing Scam

There was a wide spread phishing campaign targeting those who use Gmail for email. The email came from a known contact stating the person has shared a Google Doc with you. If you click on the link you are redirected to a new webpage that grants access to your Google credentials.

From Arstechnica, All your Googles are belong to us: Look out for the Google Docs phishing worm

"It directs the user to a lookalike site and grants the site access to the target's Google credentials. If the victim clicks on the prompt to give the site permission to use Google credentials, the phish then harvests all the contacts in the victim's Gmail address book and adds them to its list of targets. Here's how to spot the fake e-mail:

  • Your address will appear in the "BCC:" field, not the "To:" field, of the message, though the message will likely come from the e-mail address of someone you know
  • The "To:" address on many of the messages is an address at "mailinator.com"
  • The link to the shared document will, if viewed as "source," appear as a long string of text, including a Google Docs look-alike Web address using a non-standard top-level domain."

Google has commented on this phishing campaign and has stated the following:

"Official Google Statement on Phishing Email: We have taken action to protect users against an email impersonating Google Docs & have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail."

From Computer World, Sneaky Gmail phishing attack fools with fake Google Docs app

"Security experts and Google recommend affected users check what third-party apps have permission to access their account and revoke any suspicious access."

Always remember to be cautious when opening and clicking on any unsolicited email that asks you to take an action.