A major phishing attack targeting Google accounts started to spread across the internet yesterday afternoon.
Although the scam is thought to have been resolved, if someone invites you to edit a file in Google Docs today, DON’T OPEN IT.
In typical phishing attacks, hackers create a fake site with a similar URL to a real one and trick unsuspecting users into visiting it and entering their login details.
The new attack is a little different and was explained in a post by Redditor JakeSteam in the subreddit r/Google.
First, you get an email from a legitimate contact saying that a Google Doc has been shared with you. When you click the button to open it, you are taken to a real Google account selection screen, where you choose the account you want to use.
What appears to be Google Docs then asks for several permissions to access your account. From there it self-replicates and sends itself to all of your contacts. The tell is that the real Google Docs never needs to ask for any permissions: the request is coming from a third-party app that is merely calling itself Google Docs.
The attack bypasses two-factor authentication and login alerts because no password is ever stolen or entered; you are simply granting the attackers' app access to your account. And because that grant covers your whole mailbox, it's possible that they could get their hands on anything stored in your emails.
If you’ve already been hit by the attack, go to your Google account settings for connected apps, revoke the fake Google Docs app’s access, and email all your contacts to let them know your account was compromised.
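The revoke-it-yourself advice above is easy for one account and tedious for a whole organisation. The script below is an added example, not code from the article or from Google: it triages a list of third-party OAuth grants and flags the two things that gave this attack away, an app using a Google product name (real Google products never appear in the third-party grant list) and scopes that reach the mailbox or contact list. The record shape ("display_name", "client_id", "scopes", "granted_at"), the client ids and the sample grants are all constructed for the example; the scope URLs are Google's real Gmail and Contacts scopes. Real exports from the account permissions page or Workspace admin tooling use their own field names, so map them onto this shape before calling triage_grants().

```python
"""Triage third-party OAuth grants on a Google account.

Added example, not code from the article or from Google. The grant record
shape used here is assumed: each grant carries "display_name", "client_id",
"scopes" (a list of OAuth scope URLs) and "granted_at".
"""
import json
import re
from dataclasses import dataclass, field

# Scopes that give an app the same reach the fake "Google Docs" asked for:
# the whole mailbox, plus the contact list it used to send itself onward.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/contacts",
    "https://www.googleapis.com/auth/contacts.readonly",
}

# A third-party app calling itself by a Google product name is the "tell":
# Google's own products never show up as third-party grants.
IMPERSONATED_NAME = re.compile(
    r"^\s*(google\s+docs|google\s+drive|gmail|google)\s*$", re.IGNORECASE
)


@dataclass
class Finding:
    display_name: str
    client_id: str
    verdict: str                      # "revoke" or "review"
    reasons: list = field(default_factory=list)


def assess_grant(grant):
    """Return (verdict, reasons) for one grant; verdict is None if nothing stands out."""
    reasons = []
    impersonates = bool(IMPERSONATED_NAME.match(grant.get("display_name", "")))
    if impersonates:
        reasons.append("third-party app uses a Google product name")
    risky = sorted(set(grant.get("scopes", [])) & HIGH_RISK_SCOPES)
    if risky:
        reasons.append("high-risk scopes: " + ", ".join(risky))
    if not reasons:
        return None, []
    # Impersonation is never legitimate: revoke. Broad scopes alone may be a
    # real tool the user installed, so those only go on the review list.
    return ("revoke" if impersonates else "review"), reasons


def triage_grants(grants):
    """Return a Finding for every grant that needs attention, worst first."""
    findings = []
    for g in grants:
        verdict, reasons = assess_grant(g)
        if verdict:
            findings.append(
                Finding(g.get("display_name", ""), g.get("client_id", ""), verdict, reasons)
            )
    findings.sort(key=lambda f: 0 if f.verdict == "revoke" else 1)
    return findings


# Constructed sample export: one impersonating app, one broad-but-plausible
# tool, one harmless read-only integration. Client ids are placeholders.
SAMPLE_GRANTS = json.loads("""[
  {"display_name": "Google Docs",
   "client_id": "000000000000-constructed-example.apps.googleusercontent.com",
   "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"],
   "granted_at": "2017-05-03T14:12:00Z"},
  {"display_name": "Mail Backup Service",
   "client_id": "111111111111-constructed-example.apps.googleusercontent.com",
   "scopes": ["https://mail.google.com/"],
   "granted_at": "2016-11-20T09:00:00Z"},
  {"display_name": "Calendar Sync Tool",
   "client_id": "222222222222-constructed-example.apps.googleusercontent.com",
   "scopes": ["https://www.googleapis.com/auth/calendar.readonly"],
   "granted_at": "2017-01-05T18:30:00Z"}
]""")


if __name__ == "__main__":
    for f in triage_grants(SAMPLE_GRANTS):
        print(f"{f.verdict.upper():7} {f.display_name!r} ({f.client_id})")
        for reason in f.reasons:
            print("        -", reason)
```

Run as-is, the fake "Google Docs" grant comes out first with a "revoke" verdict and both reasons attached, the backup tool lands on the review list for its full-mailbox scope, and the calendar integration is not reported at all. The name check is deliberately strict (whole-string match) so that a genuinely named "Docs Exporter for Google" does not trip it; widen the pattern to your own tenant's naming rules if you need to.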
If you opened the Google Docs phishing email, here's how to fix: https://t.co/cucndZ39ad
If you see Google Docs, delete it pic.twitter.com/UH9bDgbqhK
— Tom Warren (@tomwarren) May 3, 2017
According to Ars Technica’s IT expert, there is no need to change your password, but if it makes you feel better, by all means, go ahead and do so.
@binarybits Correct—this is not a password thing. You’re granting the phisher access to your account via OAUTH and you need to remove that authorization
— Lee Hutchinson (@Lee_Ars) May 3, 2017
In a statement to The Verge, Google has just confirmed that it has fixed the phishing attack, saying:
We have taken action to protect users against an email impersonating Google Docs and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.
Better to be safe than sorry, though. Be extra vigilant on any Google Doc invites you receive in the next few days.