‘Google Docs’ phishing scam spreads across web through disguised emails

4 May, 2017 02:36 / Updated 8 years ago

Google Docs users came across a new, sophisticated type of phishing scam after many clicked a well-disguised link sent to Gmail accounts. The fraudulent invitations spread like wildfire before they were finally stopped, but many questions remain.

On Wednesday, several Gmail users received emails from known contacts, asking them to click on a link to Google Docs. Even diligent and cautious users fell for this new phishing scam, causing it to rapidly circulate far and wide.

Phishing scams usually involve fraudulent emails from cyber-criminals pretending to be someone else to steal money, valuable information, or even a person’s identity.

Once the user clicked the link, accepting an invitation to Google Docs, they were brought to a seemingly legitimate Google page. However, the app was not the real Google Docs, but a fake application with the same name.

Apparently, hackers registered an app with Google under the name “Google Docs,” then made a very similar-looking landing page. Users on social media pointed out that the app was not registered to Google under the developer information, but to eugene.pupov@gmail.com.

The novel aspect of this phishing scam was that users were not asked to enter any of their information; they only had to click on a few spoofed links to give the app permission to "view and manage your e-mail" and "view and manage the files in your Google Drive."

"This is the future of phishing," Aaron Higbee, chief technology officer at PhishMe Inc, told Reuters. "It gets attackers to their goal... without having to go through the pain of putting malware on a device."

Once the user clicked through all the links, hackers would be able to read their emails and forward the same phishing attack to anyone they had ever emailed.

Anyone who granted access to the app also gave hackers access to their Google account data, which could be used to reach bank accounts or other sensitive information.

"This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party," Justin Cappos, a cyber security professor at NYU Tandon School of Engineering, told Reuters.

On Wednesday, Google said it had “addressed the issue” after disabling the accounts, removing the fake pages and pushing updates through Safe Browsing. The company said they were “working to prevent this kind of spoofing from happening again," according to an official statement posted to Twitter.

A verified Google account on Reddit posted a statement that they were able to fix the issue within half an hour of learning about the problem.

Still, Google warns users to “not click through” the links and to report any phishing emails through Gmail as well.

Users who are afraid they fell victim to the scam can check their account by visiting the “connected apps and sites” page on their Google account. There, they can remove the app.
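The "connected apps and sites" check described above is a manual, per-user step. The following is an added example, not code from the article or from Google: a small audit over constructed grant records that flags the two indicators the article names, a first-party product name on an app whose listed developer is not the vendor, and broad mail plus Drive permissions requested by a third party. The record fields, scope labels, addresses and domain lists are assumptions for illustration, not Google's actual API or permission identifiers.

```python
"""Flag suspicious third-party OAuth grants of the kind used in this scam.

Added example, not part of the original article or any Google tool. The
records below are constructed to resemble what an export of connected-app
grants might contain; field names and scope labels are assumptions.
"""
from dataclasses import dataclass, field

# Display names the vendor reserves for its own products. Assumption: a
# defender maintains this list for the products their users recognise.
FIRST_PARTY_NAMES = {"google docs", "google drive", "gmail"}
FIRST_PARTY_DOMAINS = {"google.com"}

# Constructed scope labels standing in for the real permission identifiers
# ("view and manage your e-mail", "view and manage the files in your Drive").
HIGH_RISK_SCOPES = {"mail.readwrite", "drive.readwrite", "contacts.read"}


@dataclass
class Grant:
    user: str
    app_name: str
    developer: str        # developer contact shown on the consent screen
    scopes: frozenset
    granted_at: str


@dataclass
class Finding:
    grant: Grant
    reasons: list = field(default_factory=list)


def developer_domain(email: str) -> str:
    """Domain part of the developer contact, lower-cased for comparison."""
    return email.rsplit("@", 1)[-1].lower()


def assess_grant(g: Grant) -> Finding:
    """Apply the two indicators to one grant; an empty reasons list means clean."""
    f = Finding(g)
    name = g.app_name.strip().lower()
    first_party_dev = developer_domain(g.developer) in FIRST_PARTY_DOMAINS
    # 1. App name impersonates a first-party product but the developer is not the vendor.
    if name in FIRST_PARTY_NAMES and not first_party_dev:
        f.reasons.append("first-party product name, third-party developer")
    # 2. Broad mail / Drive / contacts access held by a third party.
    risky = g.scopes & HIGH_RISK_SCOPES
    if risky and not first_party_dev:
        f.reasons.append("high-risk scopes: " + ", ".join(sorted(risky)))
    return f


def audit(grants):
    """All grants with at least one indicator, for review."""
    return [f for f in map(assess_grant, grants) if f.reasons]


def users_to_revoke(grants):
    """Users holding a grant that matches both indicators: revoke first."""
    return sorted({f.grant.user for f in audit(grants) if len(f.reasons) == 2})


# Constructed sample records (not real users, apps or developers).
SAMPLE_GRANTS = [
    Grant("alice@corp.example", "Google Docs", "docs-team@google.com",
          frozenset({"drive.readwrite"}), "2017-05-01T09:00:00Z"),
    Grant("alice@corp.example", "Google Docs", "attacker-dev@example.com",
          frozenset({"mail.readwrite", "drive.readwrite", "contacts.read"}),
          "2017-05-03T15:12:00Z"),
    Grant("bob@corp.example", "Acme Notes", "support@acme.example",
          frozenset({"drive.file"}), "2017-04-20T11:30:00Z"),
    Grant("carol@corp.example", "Mail Helper", "dev@mailhelper.example",
          frozenset({"mail.readwrite"}), "2017-04-28T08:05:00Z"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_GRANTS):
        g = finding.grant
        print(f"{g.user}: '{g.app_name}' by {g.developer} -> {'; '.join(finding.reasons)}")
    print("revoke first:", users_to_revoke(SAMPLE_GRANTS))
```

Of the four constructed grants, the genuine first-party "Google Docs" entry and the narrowly scoped "Acme Notes" entry produce no findings; the impostor matching the article's pattern triggers both indicators and lands its user on the revoke-first list, while a third-party mail tool with broad scopes is surfaced for review only.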

To avoid phishing emails, Google advises users not to provide information in response to any email they cannot verify is legitimate. Google states that it will “never send unsolicited messages asking for your password or other personal information.”