A phishing scam has been making the rounds recently. It is a quite sophisticated scam that uses a 3rd party application (posing as a real Google property) that has been placed on Google’s app store. After users login to their Google account (this is a real login on the real Google website) they are asked to grant full permissions to their data to this malicious application.
If access is granted this application will now have access to all of your data including contacts, password cache, emails, and any other data Google has accumulated. The attackers have called this application “Google Docs” – the same name as a legitimate Google property that is an online collaboration tool where users can login and edit the same document remotely. This is to trick people into thinking they are giving permission to a real Google Application when in fact it is a 3rd party app.
This scam has been so successful because it uses real Google websites to convince you that you are safe. The login page is the real Google login page, the permissions pages are real Google permissions pages. It is simply the application that copies the name of a real Google property that is not legitimate.
It is a well crafted scam that lures people into a false sense of security by minimizing the number of potential red flags. All of us naturally scan aspects of the page to see if they seem legitimate or fraudulent. By using real Google login processes it helps relax the user and reduce the number of red flags.
I must stress that this is done through an open source application platform that Google supports but does not create. This means that anyone can put an application on this platform. By masquerading as a Google product the attackers were able to gain access to 100’s if not 1000’s of peoples Google data. Google is working hard to shut down any and all of these types of applications, however, as long as they continue to work they will continue to pop-up.
How it Works
You receive an email saying someone added you to a Google Doc. You are then asked to follow the link to view the document. Once you click the link it takes you to a real Google login page where you physically login to your Google account (or if you are already logged in it will ask which account you would like to use). Once you have logged in, the third party application named “Google Docs” will ask for full permissions to your data.
This is essentially an application asking to see anything and everything about you. Google has this process in place so you can see which applications are asking to see what data. (Tip: If you notice an application is asking for too much access it is a good idea to cancel installation and do a little further research.) If you accept the permissions, the 3rd party application now has access to all the information Google has on you including access to your account, personal information, passwords, emails, etc.
How To Spot It
The first red flag, for me, was when I noticed that someone I didn’t recognize added me to a Google Doc. Generally, you only gain access to a document when you are working directly with someone. If you do not know who the sender is – red flag.
Next, I took a look at the senders’ address. Here the firstname.lastname@example.org gave it away for me. As far as I was concerned, no human would ever have that email address.
Lastly, to confirm my suspicions I turned to Google (I highly suggest Googling anything you may deem as spam – if it really is spam chances are other people have experienced it as well and there will be some information on the scam). Google confirmed my suspicions stating that this was a sophisticated but definitely malicious phishing attempt.
Note: If you are ever unsure of a link do not click it. Feel free to contact a member of our team and we would be happy to check it out for you. Better safe than sorry!
What To Do
If you notice one of these emails in your inbox not to worry – simply delete it. If someone you do not know shares a file with you do not accept it. Question everything, if something looks wrong it probably is – trust your instincts!
If you accidentally fell victim to one of these attacks you can protect yourself. First go to your account settings in Google, click on “Connected Apps & Sites” on the left menu, click on “Manage Apps”, then you can remove “Google Docs” from the list of Apps. Once removed make sure to change all your passwords for any account that is linked to your Google account as well as any account you may have logged into while also logged into your Google Account.