Google Docs users hit with sophisticated phishing attack which spread like wildfire.

Yesterday afternoon a new variant of phishing attack targeting Google Docs/Gmail users emerged and began to spread very quickly. The email used was very subtle and well disguised, but within as little as 2 clicks you could have handed a mystery attacker the ability to read your Gmail and forward the phishing attack to all your contacts.

How did the phishing attack work?

You would receive an email from someone you may know inviting you to a shared document. The link takes you to a real Google sign-in page, which then asks you to grant permission to continue to “Google Docs”. However, this grants permission to a malicious third-party app misleadingly named “Google Docs”, giving the phisher access to your email account and address book.



The main difference between this and a “standard” phishing attack is that instead of using a fake Google web page to collect your data, the attackers built the attack to work within Google’s own system, taking advantage of the fact that you can create non-Google web apps with a misleading name. The issues seem to be resolved for now. Below is the full statement from Google via the Google Docs Twitter account:


What can we learn from this?

  • Do not accept OAuth token requests from unknown people or services.
  • Regularly check which applications you have granted access to within your accounts. Remove any suspicious apps immediately and revoke their access.
  • Have a good understanding of what to look out for within an email so you can determine whether it is a legitimate email from a reputable sender.
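
One way to run that regular review of granted apps across many accounts, as an added example that is not part of the original article: it flags third-party apps whose display name borrows a trusted brand while holding mail or contacts scopes. The record layout, client IDs and allowlist are hypothetical and the sample grants are constructed.

```python
import unicodedata

# Hypothetical policy values; adapt to your own exported grant records.
SENSITIVE_SCOPES = {
    "https://mail.google.com/",                  # full Gmail access
    "https://www.googleapis.com/auth/contacts",  # address book
}
PROTECTED_BRANDS = ("google",)
APPROVED_CLIENT_IDS = {"approved-client-0001.example"}  # placeholder: vetted apps

def normalise(name):
    """Fold case and Unicode compatibility forms, drop spaces and punctuation."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(ch for ch in folded if ch.isalnum())

def review_grant(grant):
    """Return the reasons a grant deserves review (empty list if none)."""
    if grant["client_id"] in APPROVED_CLIENT_IDS:
        return []
    reasons = []
    if any(brand in normalise(grant["app_name"]) for brand in PROTECTED_BRANDS):
        reasons.append("unvetted app uses a protected brand name")
    risky = SENSITIVE_SCOPES & set(grant["scopes"])
    if risky:
        reasons.append("holds mail/contacts scopes: " + ", ".join(sorted(risky)))
    return reasons

def suspicious_grants(grants):
    """Grants where an unvetted, brand-named app also holds sensitive scopes."""
    return [(g["user"], g["app_name"], g["client_id"])
            for g in grants if len(review_grant(g)) == 2]

# Constructed sample records (not real log data).
MAIL, CONTACTS = "https://mail.google.com/", "https://www.googleapis.com/auth/contacts"
SAMPLE_GRANTS = [
    {"user": "alice@example.com", "app_name": "Google Docs", "client_id": "unknown-client-4242.example", "scopes": [MAIL, CONTACTS]},
    {"user": "bob@example.com", "app_name": "Google Docs", "client_id": "approved-client-0001.example", "scopes": [MAIL]},
    {"user": "carol@example.com", "app_name": "Team Calendar Sync", "client_id": "calendar-client-7.example", "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"user": "dave@example.com", "app_name": "\uff27oogle Docs", "client_id": "unknown-client-9000.example", "scopes": [CONTACTS]},
    {"user": "erin@example.com", "app_name": "Mail Merge Helper", "client_id": "merge-client-3.example", "scopes": [MAIL]},
]

if __name__ == "__main__":
    for row in suspicious_grants(SAMPLE_GRANTS):
        print(row)
```

A grant that matches only one condition, such as the unvetted "Mail Merge Helper" holding a mail scope, is left out of the high-confidence list but still returns a reason from `review_grant` for manual follow-up.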

If you have any questions about email security, phishing or our new Phishing Awareness Training Service, get in touch.


More articles by Kieron Moore
