Google Docs Phishing Scam – What You Need to Know to Protect Yourselves
Reports from both The Independent and The Register have been discussing the latest large-scale phishing scam to hit users of Google, and specifically anyone with a Gmail account.
The Register has recommended:
“If you get an email today sharing a Google Docs file with you, don’t click it – you may accidentally hand over your Gmail inbox and your contacts to a mystery attacker.”
How it works
Gmail users will receive an email along the lines of:
“<User> has shared a document on Google Docs with you”. The email asks you to click a link, which takes you through to a bona fide Google authorisation page. That page asks you to authorise the ‘application’ to access your contacts and emails (granting read and write access).
The Register continued:
“Except it’s not actually the official Google Docs requesting access: it’s a rogue web app with the same name that, if given the green light by unsuspecting marks, then ransacks contact lists and sends out more spam. It also gains control over the webmail account, including the ability to read victims’ messages and send new ones on their behalf.
“Apparently no one at Google thought to block someone calling their app Google Docs.”
Google has provided a response and appears to have reacted quickly:
“We realize people are concerned about their Google accounts, and we’re now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1% of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems.
“We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.”
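The review of connected third-party apps mentioned above can be automated when an administrator has an export of app grants. The following is an added example, not code from Google, SCC or the reports quoted here: it flags any grant whose display name matches a protected product name but whose client ID is not allowlisted, and any non-allowlisted grant holding mail or contacts scopes. It goes slightly beyond an exact name match by folding case, spacing and invisible characters. The record fields, the allowlisted client ID and the sample grants are assumptions constructed for illustration.

```python
import unicodedata

# Assumptions (not from the article): the record fields, the allowlisted
# client ID and the protected-name list are hypothetical placeholders.
TRUSTED_CLIENT_IDS = {"first-party-client-id.example"}
PROTECTED_NAMES = {"google docs", "google drive", "gmail"}
SENSITIVE_SCOPES = {
    "https://mail.google.com/",                  # full mailbox access
    "https://www.googleapis.com/auth/contacts",  # read/write contacts
}

def normalise(name):
    """Fold case, Unicode compatibility forms, invisible format characters
    and irregular spacing so near-identical names compare equal."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    visible = "".join(c for c in folded if unicodedata.category(c) != "Cf")
    return " ".join(visible.split())

def audit_grant(grant):
    """Return findings for one third-party app grant (empty list = clean)."""
    if grant["client_id"] in TRUSTED_CLIENT_IDS:
        return []
    findings = []
    if normalise(grant["display_name"]) in PROTECTED_NAMES:
        findings.append("name matches a protected product but client ID is not allowlisted")
    risky = sorted(SENSITIVE_SCOPES.intersection(grant["scopes"]))
    if risky:
        findings.append("holds mail/contacts scopes: " + ", ".join(risky))
    return findings

def audit_all(grants):
    """Map each user to the findings for their flagged grants."""
    report = {}
    for grant in grants:
        findings = audit_grant(grant)
        if findings:
            report.setdefault(grant["user"], []).extend(findings)
    return report

# Constructed sample data, not taken from any real account.
SAMPLE_GRANTS = [
    {"user": "alice", "display_name": "Google Docs", "client_id": "unknown-app-1.example",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
    {"user": "bob", "display_name": "Google\u200b  DOCS", "client_id": "unknown-app-2.example",
     "scopes": ["https://www.googleapis.com/auth/contacts"]},
    {"user": "carol", "display_name": "Google Docs", "client_id": "first-party-client-id.example",
     "scopes": ["https://mail.google.com/"]},
    {"user": "dave", "display_name": "Team Calendar Sync", "client_id": "unknown-app-3.example",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
]
```

Calling `audit_all(SAMPLE_GRANTS)` reports the grants for alice and bob; carol's allowlisted grant and dave's calendar-only grant are left alone.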
The bad news is that these types of security infiltrations are on the increase, certainly in terms of impact, as described by the latest Symantec Internet Security Threat Report.
The good news is that SCC has a set of security-based services to ensure you can prepare, plan and react to any security or cyber challenges that may be a risk to your business. These include:
- Accredited and experienced advisory services across a number of security vendors such as Cisco, Fortinet, Symantec, Mimecast, McAfee and CheckPoint;
- Multi-layered design approach considering security as a whole for our customers, taking into account newer technologies such as Sandboxing;
- Security solutions based on business need, considering both on-premise and cloud subscription services, to build Advanced Threat Protection and defence in depth into the security fabric.
For more information, or advice, contact SCC today at [email protected]