Sophisticated Google Docs phishing scam goes viral

OAuth abuse looks convincing, but is a user registered with a fake account

You just can’t trust anyone these days, not even an official looking notification hosted on Google’s own domains: A recent attack used a legitimate looking OAth request to get folks to hand over the keys to their email castle.

The invitiation came disguised as a shared Google Doc invitation:

read more

Source: Security Bloggers Network @ May 3, 2017 at 06:55PM