On Wednesday morning (PST), users of the popular Google Docs software suite were targeted in a widespread phishing campaign that allowed attackers to obtain victims’ contact lists while accessing their Gmail accounts to spread spam.
In the sweeping campaign, people across a number of industries received emails containing a Google Doc link that purported to come from a contact they knew. The fake link was devised to compromise users’ Google accounts.
Those who fell for the fake link saw a bogus screen styled to look like a Google sign-in page. On the next page, the app seeking permission presented itself as “Google Docs”, as in: “Google Docs would like to read, send, delete and manage your email & manage your contacts”. A number of journalists have revealed that they received the spam emails.
The phishing campaign even bypasses two-factor authentication (2FA), since the victim willingly, if unknowingly, grants the app permission: no password or second factor is stolen, the account’s own consent flow is abused.
If permission is granted, the attacker behind the phishing campaign gains control of the victim’s email account. At that point, the perpetrator spam-blasted emails to everyone on the victim’s contact list.
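The consent-grant pattern described above (a third-party app borrowing the name “Google Docs” and asking for mail and contacts permissions) is something an administrator can hunt for in OAuth authorization logs. The following is an added detection example, not code from the original article or from Google; the log record schema, client IDs and scope strings are constructed for illustration.

```python
from dataclasses import dataclass, field

# Product names an attacker may borrow as an app display name (the campaign used "Google Docs").
IMPERSONATED_NAMES = {"google docs", "google drive", "gmail", "google"}

# Scopes matching the reach the campaign asked for: read/send/manage mail and manage contacts.
SENSITIVE_SCOPES = {"mail.readwrite", "mail.send", "contacts.readwrite"}

# OAuth client IDs known to belong to Google's own apps; constructed allowlist, not real IDs.
FIRST_PARTY_CLIENT_IDS = {"client-first-party-docs"}


@dataclass
class ConsentGrant:
    """One OAuth consent event as it might appear in an admin audit log (constructed schema)."""
    user: str
    app_name: str
    client_id: str
    scopes: set = field(default_factory=set)


def assess(grant: ConsentGrant) -> str:
    """Classify a grant: 'high' = impersonating name plus sensitive scopes (revoke now),
    'medium' = impersonating name only, 'low' = sensitive scopes from an honestly named
    third party (review), 'none' = first-party app or nothing notable."""
    if grant.client_id in FIRST_PARTY_CLIENT_IDS:
        return "none"                      # a genuine Google app may carry its own name
    impersonates = grant.app_name.strip().lower() in IMPERSONATED_NAMES
    overreaches = bool(grant.scopes & SENSITIVE_SCOPES)
    if impersonates and overreaches:
        return "high"
    if impersonates:
        return "medium"
    return "low" if overreaches else "none"


def flag_grants(grants: list) -> dict:
    """Return {user: severity} for every grant that needs action, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    flagged = [(g.user, assess(g)) for g in grants]
    flagged = [(u, s) for u, s in flagged if s != "none"]
    return dict(sorted(flagged, key=lambda us: order[us[1]]))


# Constructed sample log: a genuine Docs grant, the campaign-style impersonator, an honest mail client.
SAMPLE = [
    ConsentGrant("alice@example.com", "Google Docs", "client-first-party-docs", {"mail.readwrite"}),
    ConsentGrant("bob@example.com", "Google Docs", "client-3rdparty-9f2a",
                 {"mail.readwrite", "mail.send", "contacts.readwrite"}),
    ConsentGrant("carol@example.com", "Acme Mail", "client-3rdparty-77c1", {"mail.send"}),
]

if __name__ == "__main__":
    for user, severity in flag_grants(SAMPLE).items():
        print(f"{severity:6} {user}")
```

A “high” result is the campaign’s signature: revoke the grant and notify the user, since the app already holds a valid token that 2FA does nothing to invalidate.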
To its credit, Google proceeded to act swiftly and claimed that it had stopped the phishing campaign “within an hour”.
A statement from Google read:
“We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”
With a second update, Google revealed that the phishing campaign had affected fewer than 0.1% of Gmail users. The internet giant removed the fake pages and applications and pushed security updates through Gmail, Safe Browsing and other anti-abuse systems.
“While contact information was accessed and used by the campaign, our investigations show that no other data was exposed,” Google added.
Users who want to review the security of their Google account are advised to visit Google Security Checkup.
Image credit: Pexels.