Practically everyone uses Google Docs—you can collaborate with coworkers and friends, sharing any information you want in real time. Now a new cyberattack has emerged in which a Google Doc phishing link is sent to a victim in the hope that they click it and infect themselves with malware. But here’s the catch—this nasty malware manages to mask itself as a sender who is a familiar face to the victim. And unfortunately, it is pretty convincing.
This phishing scam has hit Gmail inboxes everywhere today. And, leveraging a common social engineering technique, it looks exactly like an email from a friend would. Here’s a screenshot of what the message looks like in a victim’s inbox, as provided by Fortune:
So, what happens if you click on the malicious link in your inbox? First, you arrive at a login screen that looks almost identical to the one you’d see if someone actually invited you to a Google Doc. It lists your Google Accounts, and it even reflects Google’s recent redesign. What’s worse—the page sits at a very realistic-looking Google.com URL, so clicking the link appears to confirm the page’s legitimacy.
Then, that page invites you to choose which account you’d like to use to view the Google Doc, and you’re taken to a page that asks you to grant access to your Google Account. Basically, you’ve just given the cybercriminal launching the attack access to your entire Gmail account.
Beyond social engineering its victims, this attack’s success depends on a flaw in Google’s security design: the page that lists the apps with access to your Gmail account can’t distinguish between apps made by Google and apps that aren’t.
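The consent step described above is where the damage happens, so it is worth seeing what a consent request actually asks for. The following is an added example written for this page, not code from the article or from Google: it parses the query string of a Google OAuth 2.0 authorization URL (client_id, redirect_uri and scope are the real parameter names, and the scope strings listed are real Google scopes) and flags requests that ask for broad mailbox or contact access, or whose displayed app name borrows a Google product name while the token is handed to a third-party host. The sample URLs, client id and app names are constructed for the example; the consent screen itself does not expose the app name in the URL, so it is passed in separately.

```python
"""Triage a Google OAuth consent request before anyone clicks "Allow".

Added example, not from the article. The URLs and app names below are
constructed; the parameter names and scope strings are Google's real ones.
"""
from urllib.parse import parse_qs, urlparse

# Real Google OAuth scope strings; the plain-language risk labels are this example's own.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/": "full read/send/delete access to the mailbox",
    "https://www.googleapis.com/auth/gmail.modify": "read, send and modify mail",
    "https://www.googleapis.com/auth/gmail.readonly": "read all mail",
    "https://www.googleapis.com/auth/contacts": "read and write contacts",
    "https://www.googleapis.com/auth/contacts.readonly": "read contacts",
}

GOOGLE_AUTH_HOST = "accounts.google.com"
# Words a lookalike app name would borrow to pass as a Google product.
GOOGLE_PRODUCT_WORDS = ("google", "gmail", "docs", "drive")


def analyze_consent_url(url, app_name=""):
    """Return what the consent request would grant and why it is risky."""
    parsed = urlparse(url)
    params = parse_qs(parsed.query)
    findings = []

    # A genuine Google consent screen is served from accounts.google.com.
    if (parsed.hostname or "").lower() != GOOGLE_AUTH_HOST:
        findings.append(f"consent page host is {parsed.hostname!r}, not {GOOGLE_AUTH_HOST}")

    # Scopes are space separated; parse_qs has already turned '+' into spaces.
    scopes = " ".join(params.get("scope", [])).split()
    for scope in scopes:
        if scope in HIGH_RISK_SCOPES:
            findings.append(f"requests {HIGH_RISK_SCOPES[scope]} ({scope})")

    # Whoever controls redirect_uri receives the authorization code or token.
    redirect_host = (urlparse(params.get("redirect_uri", [""])[0]).hostname or "").lower()
    third_party = bool(redirect_host) and not (
        redirect_host == "google.com" or redirect_host.endswith(".google.com")
    )

    # The consent screen shows the app's self-chosen name and cannot tell the user
    # whether Google or a stranger operates it, so that check has to be made here.
    name = app_name.lower()
    if third_party and any(word in name for word in GOOGLE_PRODUCT_WORDS):
        findings.append(
            f"app name {app_name!r} imitates a Google product but hands the token to {redirect_host}"
        )

    return {
        "scopes": scopes,
        "redirect_host": redirect_host,
        "third_party": third_party,
        "findings": findings,
        "risk": "high" if findings else "low",
    }


# Constructed sample: a Google-branded third-party app asking for mail and contacts.
SUSPICIOUS_CONSENT_URL = (
    "https://accounts.google.com/o/oauth2/auth"
    "?client_id=EXAMPLE-CLIENT-ID.apps.googleusercontent.com"
    "&redirect_uri=https%3A%2F%2Fexample.invalid%2Fcallback"
    "&response_type=code"
    "&scope=https%3A%2F%2Fmail.google.com%2F+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcontacts"
)

# Constructed sample: an ordinary sign-in request asking only for identity scopes.
BENIGN_CONSENT_URL = (
    "https://accounts.google.com/o/oauth2/auth"
    "?client_id=EXAMPLE-CLIENT-ID.apps.googleusercontent.com"
    "&redirect_uri=https%3A%2F%2Fnotes.example.invalid%2Fcb"
    "&response_type=code&scope=openid+email"
)

if __name__ == "__main__":
    for label, url, app in (
        ("suspicious", SUSPICIOUS_CONSENT_URL, "Google Docs"),
        ("benign", BENIGN_CONSENT_URL, "Example Notes"),
    ):
        report = analyze_consent_url(url, app_name=app)
        print(f"{label}: risk={report['risk']}, token goes to {report['redirect_host']}")
        for finding in report["findings"]:
            print("  -", finding)
```

A "high" result here does not prove malice; a legitimate mail client also needs mail scopes. It marks the grants that deserve a second look before clicking "Allow", which is exactly the judgement the consent screen leaves to the user.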
Fortunately, Google has already responded to the incident and plugged holes. As a spokesperson stated, “We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1% of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems.” Regarding the extent of damage done to that 0.1%, the spokesperson said, “While contact information was accessed and used by the campaign, our investigations show that no other data was exposed.”
Additionally, the tech giant responded to the attack by releasing a new security feature for Gmail on Android that warns users when they click on a suspicious link in an email.
So, what happens if you’re sent a questionable link from a “friend” today? The good news is that this phishing email has consistently been addressed to “hhhhhhhhhhhhhh,” so you can identify the attack that way. And if you do receive this scam, do not click the link.
Clicking on links from your email is highly risky. McAfee chief scientist Raj Samani warns, “Phishing attacks remain the most common method of manipulating individuals into clicking on links and ultimately installing malicious content onto their systems.”
Samani suggests being aware of the emails you’re expecting and being wary of every unexpected one. “Go straight to the source through a different communication channel if you receive a link you were not expecting. Also, hover over links to see if it is a reliable URL. Or search online for other instances of this campaign and what those instances could tell you about the email’s legitimacy.”
Then, delete suspicious emails entirely. In the case of this scam, make sure to report receiving it to Google as they’ve requested (see below).
Unfortunately, though there has been some speculation, it is yet to be determined who is responsible for this attack.