Thursday, 14 December 2017
Latest news
Main » Google warns of phishing email spreading in Docs

Google warns of phishing email spreading in Docs

04 May 2017

"We have taken action to protect users against an email impersonating Google Docs [and] have disabled offending accounts", Google said in a statement.

Google did not respond for requests to comment beyond its tweet and other security experts said that victims should remove the hackers from their accounts as soon as possible.

Watch out, internet! A new email phishing scam involving Google Docs is circulating through people's inboxes.

It's a useful process for connecting different accounts, but users can be tricked into granting access to a malicious app, as happened yesterday.

If you click, it takes you to a page to open the "Google Docs" app with your Google account. Enough people, in fact, that the hashtag #PhishingScam began trending on Twitter and email inboxes clogged with almost as many warnings about the scam as instances of the scam itself.

The sophisticated attack looks like it is coming from a trusted source asking you to open a Google Document. If they agreed, the app would then send additional copies of the original email to the users' contacts.

"While contact information was accessed and used by the campaign, our investigations show that no other data was exposed".

As 1010 WINS' Al Jones reported, the latest email scam looks exactly like it is through Google Docs. Once users grant permission to the app, the attacker was given access to all their email and contacts.

Mr Cappos said he received seven of those malicious emails in three hours on Wednesday, an indication that the hackers were using an automated system to perpetuate the attacks.

This is a popular phishing method. We encourage you to not click through, & report as phishing within Gmail.

"As we have seen repeatedly, these kinds of schemes are usually the precursor to larger nefarious activities, like money transfers, planting ransomware, etc.", said Frances Zelazny, VP of cybersecurity startup BioCatch.