Google account owners may want to keep a close eye on their emails from this point forward, as a new kind of phishing attack has been discovered. Unlike most phishing attacks, this one is particularly convincing thanks to the lengths the hackers have gone to in order to disguise it.
The attack begins life as an unassuming email inviting the user to edit a Google Docs document. Should the user accept the invitation, they are taken to the Google account selection screen, where they can choose which account to open the document with.
Phishing (or malware) Google Doc links that appear to come from people you may know are going around. DELETE THE EMAIL. DON'T CLICK. pic.twitter.com/fSZcS7ljhu
— Zeynep Tufekci (@zeynep) May 3, 2017
Upon selecting an account, the site prompts the user to allow the app to access the information held in that account. If the user grants access, the attack begins: the contacts in the affected Google account are used to launch further attacks.
While phishing attacks aren’t new to Google as a whole, this particular attack has proved extremely effective because of how well crafted it is. The initial Google Docs invitation was designed to be highly convincing, and the attack also used Google’s own OAuth permission screen, which lends it an air of legitimacy.
As such, those who are used to merely glancing at their emails are especially susceptible to this attack. Meticulously crafted as it is, the attack does contain signs that give away its nature.
For one, recipients will find their own address listed in the "BCC" field rather than the normal "To" field. Secondly, the "To" field will contain an email address ending in "mailinator.com", although the most commonly used address appears to be "firstname.lastname@example.org".
Finally, the source of the shared document will appear as a long string of text that includes Google Docs-like web addresses.
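A small checker for the three warning signs just described, written here as an added example (it is not from the original article or from Google); the sample message is constructed, the sign names are my own, and the check for the third sign looks at both the sender text and the message body.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Pattern for the "Google Docs-like web addresses" the article describes.
DOCS_LINK_RE = re.compile(r"https?://docs\.google\.com/\S+", re.IGNORECASE)

def _addresses(msg, header):
    """All lower-cased addresses found in a header (empty list if absent)."""
    return [addr.lower() for _, addr in getaddresses(msg.get_all(header, [])) if addr]

def _body_text(msg):
    """Concatenate the text/plain parts of a (possibly multipart) message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in parts if p.get_content_type() == "text/plain")

def check_docs_invite(raw_message, my_address):
    """Return the article's warning signs that appear in one raw email."""
    msg = message_from_string(raw_message)
    signs = []
    visible = _addresses(msg, "To") + _addresses(msg, "Cc")
    # Sign 1: we are not named in To: or Cc:, so the mail client shows us under BCC.
    if my_address.lower() not in visible:
        signs.append("recipient_only_in_bcc")
    # Sign 2: the To: field points at a mailinator.com address.
    if any(a.endswith("@mailinator.com") for a in _addresses(msg, "To")):
        signs.append("to_is_mailinator")
    # Sign 3: the sender text or the sharing message carries Google-Docs-like links.
    source_text = " ".join(msg.get_all("From", [])) + "\n" + _body_text(msg)
    if DOCS_LINK_RE.search(source_text):
        signs.append("docs_like_links")
    return signs

# Constructed sample modelled on the article's description (not a real capture).
SAMPLE_INVITE = """\
From: Alice Example <alice@example.com>
To: constructed-recipient@mailinator.com
Subject: Alice Example has shared a document on Google Docs with you
Content-Type: text/plain; charset=utf-8

Alice Example has invited you to view the following document:
https://docs.google.com/document/d/CONSTRUCTED-DOC-ID/edit
Open in Docs
"""

if __name__ == "__main__":
    print(check_docs_invite(SAMPLE_INVITE, "bob@example.com"))
```

Genuine Docs invitations also contain docs.google.com links, so the third sign only carries weight alongside the first two.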
If you’re one of the many who unknowingly granted the phishing app permission, it’s imperative that you head over to the Google account management page and revoke the permission for the "Google Docs" app.
Thankfully, Google has since cracked down hard on this particular phishing attack, so it is unlikely that you’ll be affected by it. That said, knowing how tenacious some of the hackers out there can be, it would be wise to remain extra vigilant about the emails you receive.