Alert – Google Docs phishing attack

May 8th, 2017
Alert – Google Docs phishing attack

ManagedMarketer_GoogleDocsPhishing-blogpost

If someone invites you to edit a file in Google Docs be vigilant — it may be spam from a phishing scheme that began spreading quickly last week. As detailed on Reddit, the attack sends targets an emailed invitation from someone they may know, takes them to a real Google sign-in screen, then asks them to “continue to Google Docs.” But this grants permissions to a (malicious) third-party web app that’s simply been named “Google Docs,” which gives phishers access to your email and address book.”

The key difference between this and a very simple email phishing scheme is that this doesn’t just take you to a bogus Google page and collect your password — something you could detect by checking the page URL. It works within Google’s system, but takes advantage of the fact that you can create a non-Google web app with a misleading name.