A phishing attack has recently started showing up in the inboxes of Gmail users, attempting to convince them that one of their contacts is sharing a Google Doc with them. The attack is especially heinous, as the shared link appears to come from a known contact, maybe even someone you email regularly.
Upon opening the email, the user is told that someone wants to share a Google Doc with them and that an app calling itself “Google Docs” is requesting permission to read, send, and delete emails, as well as manage their contacts. The user is presented with buttons that say Allow and Deny.
Once a user clicks the fraudulent Allow button, they are redirected to a Google account sign-in page. If they sign in, the attack then spams their entire contact list with the same phishing email; what the attacker ultimately intends is still unclear.
Whatever the purpose of the attack, it is important to note that once you sign in through the fraudulent link, the attackers have access to your credentials. This means they can sign into your Gmail account and any other online account that authenticates through your Google account via OAuth.
One way of determining whether an email you received was part of the scam is to look at who it is addressed to. The scam emails are often addressed to firstname.lastname@example.org, with the actual recipients merely copied on.
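The recipient-field tell described above can be checked automatically on incoming mail. The following Python is an added example, not code from the article or from Google: it parses a raw message with the standard library, flags a message whose To: header is the sink address the article reports (printed there as a placeholder, so substitute the address seen in your own mail flow), flags a message in which the real recipient appears only in Cc:/Bcc:, and, as an assumption not quoted from the article, flags subject lines carrying a Docs-sharing lure. The two sample messages are constructed for the example.

```python
from email import policy
from email.parser import Parser

# The To: address the article says the scam mails are addressed to.
# The article prints it as a placeholder; replace with the address seen in your mail flow.
SCAM_SINK = "firstname.lastname@example.org"

# Subject wording assumed for the sharing lure; not quoted from the article.
LURE_PHRASES = ("shared a document", "google docs")


def recipients(msg, field):
    """Return lower-cased addr-specs from one address header, [] if it is absent."""
    header = msg[field]
    return [a.addr_spec.lower() for a in header.addresses] if header else []


def scam_indicators(raw_message, my_address):
    """Return the list of indicators matched by one raw RFC 822 message."""
    msg = Parser(policy=policy.default).parsestr(raw_message)
    me = my_address.lower()
    to = recipients(msg, "To")
    copied = recipients(msg, "Cc") + recipients(msg, "Bcc")
    found = []
    # Indicator 1: the message is addressed to the sink address the article reports.
    if SCAM_SINK in to:
        found.append("to_is_scam_sink")
    # Indicator 2: the real recipient is only copied, not in To:.
    if me not in to and me in copied:
        found.append("recipient_only_copied")
    # Indicator 3 (assumed wording): a "shared a document" style lure in the subject.
    subject = (msg["Subject"] or "").lower()
    if any(phrase in subject for phrase in LURE_PHRASES):
        found.append("docs_share_lure")
    return found


# Constructed sample: the shape the article describes (known contact as sender,
# sink address in To:, real recipients copied on).
SCAM_MAIL = """\
From: Bob Known <bob@corp.example>
To: firstname.lastname@example.org
Cc: alice@corp.example, carol@corp.example
Subject: Bob Known has shared a document on Google Docs with you

Open in Docs
"""

# Constructed sample: an ordinary message addressed directly to the recipient.
LEGIT_MAIL = """\
From: Bob Known <bob@corp.example>
To: alice@corp.example
Subject: Q3 budget review notes

Notes attached, see you Thursday.
"""

if __name__ == "__main__":
    for name, raw in (("scam", SCAM_MAIL), ("legit", LEGIT_MAIL)):
        print(name, scam_indicators(raw, "alice@corp.example"))
```

Run it as a script to see both samples scored; in a mail gateway you would feed each message body to `scam_indicators` and treat `to_is_scam_sink` on its own as a strong match, with the other two indicators raising the score rather than deciding it.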
If you believe you may have accidentally clicked the link, immediately change the password for your Google account and for any other online accounts where you used the same password. You can also review your account permissions here and remove the entry for “Google Docs,” the fraudulent app introduced by the email.
If you haven’t opened the email, Google recommended in a tweet that you simply report it as spam. In an official statement, Google said it has removed the offending account, but it recommends that affected users still perform a security checkup.
In light of the attack, Google also gave the Gmail app on Android a boost in its ability to alert users to potential phishing attacks. Gmail users on Android will now see a red warning if they click a link that the system determines to be some sort of forgery.
The 3 big takeaways for TechRepublic readers
- A new phishing attack recently targeted Gmail users with a fake Google Docs link, requiring them to sign in to their Google account.
- While Google has removed the offending account, affected users should still remove the fake Google Docs app from their permissions.
- Gmail for Android also got a new alert feature to warn users of potential phishing scams in their email.
Source: SANS ISC SecNewsFeed @ May 4, 2017 at 09:54AM