topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Sunday December 15, 2024, 11:26 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Beware Google Docs Phishing Scam Today and How to Fix  (Read 4910 times)

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,914
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
A particularly convincing looking and wide spread phishing scam went out to lots of people today, appearing to come from a google docs sharing email.

More info here:


A widely reported e-mail purporting to be a request to share a Google Docs document is actually a well-disguised phishing attack. It directs the user to a lookalike site and grants the site access to the target's Google credentials. If the victim clicks on the prompt to give the site permission to use Google credentials, the phish then harvests all the contacts in the victim's Gmail address book and adds them to its list of targets. The phish appears to have been initially targeted at a number of reporters, but it quickly spread widely across the Internet. Some of the sites associated with the attack appear to have been shut down.

How to deal with it if you got tricked into clicking it:

It’s not that this is some “website that looks like google” and is “duplicating the google sign-in page”. It’s an actual Google Doc app, that you have to give permission to access your account details. That’s what makes it so dangerous, that it’s acting as a normal app would, requiring normal google authentication and authorization. It doesn’t gain access to your credentials, but the permissions it requests gives it access to a hell of a lot of stuff in your account. You have to revoke the app permissions at https://myaccount.google.com/permissions if you gave it access. People are saying on twitter “change your password”, but that won’t revoke access, you have to actively revoke access to disconnect the malicious app from your account. Click on each app in the list, any that are listed for today (or whenever you clicked through the email), revoke it to be safe. For me, it was called something like “Google Docs”, but may not be the same for everyone.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,190
    • View Profile
    • Donate to Member
Re: Beware Google Docs Phishing Scam Today and How to Fix
« Reply #1 on: May 03, 2017, 10:04 PM »
It has been corrected already.

https://www.reddit.c...ndetectable/dh36pv2/

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,964
    • View Profile
    • Donate to Member
Re: Beware Google Docs Phishing Scam Today and How to Fix
« Reply #2 on: May 04, 2017, 02:34 AM »
from the link
https://arstechnica....m-was-so-convincing/

In the future, I think we'll need to see a redesign of how Google's OAuth pages work. The problem is that the true entity to which you're granting permissions in Google's OAuth interface is buried under a drop-down window. Right now, the interface really relies on the app developer not lying about its name and app logo, and that's just not good enough.
Tom

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,914
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Beware Google Docs Phishing Scam Today and How to Fix
« Reply #3 on: May 04, 2017, 03:26 AM »
Ghacks summarizes what you should do if you think you might have been a victim:
https://www.ghacks.n...ishing-scam-do-this/