Main Area and Open Discussion > Living Room

Beware Google Docs Phishing Scam Today and How to Fix

(1/1)

mouser:
A particularly convincing looking and wide spread phishing scam went out to lots of people today, appearing to come from a google docs sharing email.

More info here:


* https://arstechnica.com/security/2017/05/google-docs-phish-worm-grabs-your-google-app-permissions-contacts/
* https://arstechnica.com/security/2017/05/dont-trust-oauth-why-the-google-docs-worm-was-so-convincing/
* http://www.independent.co.uk/life-style/gadgets-and-tech/google-phishing-emails-attack-gmail-scam-link-doc-invitation-hack-a7716581.html
* http://gizmodo.com/a-huge-and-dangerously-convincing-google-docs-phishin-1794888973
A widely reported e-mail purporting to be a request to share a Google Docs document is actually a well-disguised phishing attack. It directs the user to a lookalike site and grants the site access to the target's Google credentials. If the victim clicks on the prompt to give the site permission to use Google credentials, the phish then harvests all the contacts in the victim's Gmail address book and adds them to its list of targets. The phish appears to have been initially targeted at a number of reporters, but it quickly spread widely across the Internet. Some of the sites associated with the attack appear to have been shut down.
--- End quote ---

How to deal with it if you got tricked into clicking it:

It’s not that this is some “website that looks like google” and is “duplicating the google sign-in page”. It’s an actual Google Doc app, that you have to give permission to access your account details. That’s what makes it so dangerous, that it’s acting as a normal app would, requiring normal google authentication and authorization. It doesn’t gain access to your credentials, but the permissions it requests gives it access to a hell of a lot of stuff in your account. You have to revoke the app permissions at https://myaccount.google.com/permissions if you gave it access. People are saying on twitter “change your password”, but that won’t revoke access, you have to actively revoke access to disconnect the malicious app from your account. Click on each app in the list, any that are listed for today (or whenever you clicked through the email), revoke it to be safe. For me, it was called something like “Google Docs”, but may not be the same for everyone.
--- End quote ---

wraith808:
It has been corrected already.

https://www.reddit.com/r/google/comments/692cr4/new_google_docs_phishing_scam_almost_undetectable/dh36pv2/

tomos:
from the link
https://arstechnica.com/security/2017/05/dont-trust-oauth-why-the-google-docs-worm-was-so-convincing/

In the future, I think we'll need to see a redesign of how Google's OAuth pages work. The problem is that the true entity to which you're granting permissions in Google's OAuth interface is buried under a drop-down window. Right now, the interface really relies on the app developer not lying about its name and app logo, and that's just not good enough.
--- End quote ---

mouser:
Ghacks summarizes what you should do if you think you might have been a victim:
https://www.ghacks.net/2017/05/04/fell-prey-to-google-docs-phishing-scam-do-this/

Navigation

[0] Message Index