Yesterday, a phishing scam targeting the Google Docs service and its users was detected and, soon enough, stopped from going any further. People who own Google accounts reported receiving bizarre email messages from a very suspicious source: [email protected].
Even though the scammers attempted to pose as representatives of Google Docs, this email address should have been instantly labeled as rogue. What respectable service would choose such an address and use it to contact its clients? Google acted without delay and the phishing scam was suppressed in an hour.
People who were unfortunate enough to have their rationality tested indicated that they came very close to believing the email message was legitimate. The letter was shaped to look as if a friendly source was trying to share something with the recipient via Google Docs.
The message contained a button that was presumably meant to take people to the shared content. The link, even though its unreliability has now been revealed, might have looked quite convincing, as it was crafted to resemble a URL that Google would actually send.
Then, the user was supposed to sign in to a specific account and grant permission for Google Docs to access it as well. However, once this permission was given, it turned out that everything was a setup. You are deceived into giving Google Docs access to your account without realizing that you are actually allowing an unknown party to review your email messages and other content that might be found on the account. In this case, the scammers used each compromised account to distribute the phishing scam further. How? The affected account automatically sends deceptive letters to all of its contacts.
Google has prevented this phishing scam from spreading
Google was quick to discover how the attack occurred. It appears that the hackers relied on a vulnerability which was present in Google Docs: it allowed users to create web apps outside Google under the name Google Docs. Google revoked the memberships of the crooks identified as responsible for this attack, eliminated the rogue websites and initiated patches. However, Google indicates that it needs a little more time to finish its investigation before it can give a more thorough explanation. As usual, Google hopes to prevent similar attacks from happening in the future, and we believe that its security analysts will be able to do this.
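The weakness described above, an outside app carrying the name Google Docs while asking for access to the account, is something an administrator can look for when reviewing third-party app grants. The following is an added example, not code from Google or from the original article; the record layout, client IDs and allowlist are assumptions, and the sample grants are constructed.

```python
import unicodedata

# Assumed policy (not from the article): names reserved for first-party apps
# and the client IDs allowed to use them. The ID below is a placeholder.
PROTECTED_NAMES = {"google docs", "google drive"}
FIRST_PARTY_CLIENT_IDS = {"first-party-docs.example"}
# Google OAuth scopes that expose mail and contacts.
SENSITIVE_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/contacts",
}


def normalize(name):
    """Fold case, Unicode compatibility forms and spacing before comparing.
    This does not catch cross-script look-alikes such as Cyrillic letters."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())


def review_grant(grant):
    """Return the reasons a third-party app grant deserves manual review."""
    if grant["client_id"] in FIRST_PARTY_CLIENT_IDS:
        return []
    reasons = []
    if normalize(grant["display_name"]) in PROTECTED_NAMES:
        reasons.append("display name impersonates a first-party app")
    risky = SENSITIVE_SCOPES.intersection(grant["scopes"])
    if risky:
        reasons.append("requests mail/contacts access: " + ", ".join(sorted(risky)))
    return reasons


def flagged_grants(grants):
    """Map client_id -> reasons for every grant that needs review."""
    report = {g["client_id"]: review_grant(g) for g in grants}
    return {cid: why for cid, why in report.items() if why}


# Constructed sample records, for illustration only.
SAMPLE_GRANTS = [
    {"client_id": "first-party-docs.example", "display_name": "Google Docs",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"client_id": "unknown-app-1.example", "display_name": "Google\u00a0Docs",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts"]},
    {"client_id": "notes-app.example", "display_name": "Team Notes",
     "scopes": ["https://www.googleapis.com/auth/drive.file"]},
]

if __name__ == "__main__":
    for client_id, reasons in flagged_grants(SAMPLE_GRANTS).items():
        print(client_id, reasons)
```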
Google encourages people to report similar incidents every time they are noticed. If a suspicious message ends up in your account, you are advised to report it to your email provider. Dozens of other people may have received similar letters, and your report could help stop the phishing scam from succeeding. If odd messages with links or attachments have found their way to your account, we advise you to be extremely careful in the way you respond to them.
Sources: theverge.com