UPDATE: May 10, 2017
Last week, reports of Google Docs phishing attacks surfaced. Although Google contained the initial attack, victims who clicked on the corrupted “Google Docs” link could still face ongoing violations of their servers. If you think you have been attacked, YBS is here to discuss solutions.
Initial stories suggested that journalists were the primary target of the purported Google Docs vulnerability, but subsequently released information suggests that no particular group of users was at risk. Reports widely reference an origin e-mail address of “firstname.lastname@example.org,” with others copied on the message.
Vice was one of the first outlets to cover the rumors:
A massive phishing campaign targeting Google accounts is ripping through the internet right now.
Several journalists, as well as people working in other industries, have said they’ve received emails containing what looks like a link to a Google Doc that appears to come from someone they know. These, however, are malicious emails designed to hijack your account.
At approximately 4:15 P.M. Eastern Time, Gmail sent a tweet confirming that it was investigating reports of a vulnerability and warning users to be on alert.
Zach Latta of HackClub.com tweeted a series of tips for users who believed they were infected by the phishing attack:
Google has advised people with security concerns to review their Google permissions for unauthorized apps, including one called “Google Docs”.
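One way to carry out the permissions review Google advises, as an added Python example (not code from Google, YBS or the quoted articles): it scans a list of OAuth grants and flags any app that uses a first-party name such as “Google Docs” under an unverified client ID, or that holds mail or contacts access. The record field names, client IDs and sample rows are constructed assumptions, not a Google API schema.

```python
import unicodedata

# Assumption: names the organisation treats as first-party, mapped to the client
# IDs it has verified for them. These IDs are constructed placeholders.
TRUSTED_CLIENTS = {
    "google docs": {"trusted-docs-client.example"},
    "google drive": {"trusted-drive-client.example"},
}
# Scopes that expose mail and contacts, the access the reports describe.
SENSITIVE_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/contacts",
}

def normalize(name):
    """Fold case, Unicode compatibility forms and spacing before comparing names."""
    return " ".join(unicodedata.normalize("NFKC", name).casefold().split())

def review_grants(grants):
    """Return (user, client_id, reasons) for every grant that needs attention."""
    findings = []
    for g in grants:
        trusted_ids = TRUSTED_CLIENTS.get(normalize(g["app_name"]))
        first_party = trusted_ids is not None and g["client_id"] in trusted_ids
        reasons = []
        if trusted_ids is not None and not first_party:
            reasons.append("name impersonates a first-party app")
        risky = sorted(SENSITIVE_SCOPES & set(g["scopes"]))
        if risky and not first_party:
            reasons.append("third-party app holds " + ", ".join(risky))
        if reasons:
            findings.append((g["user"], g["client_id"], reasons))
    return findings

# Constructed sample export (hypothetical field names and values).
SAMPLE_GRANTS = [
    {"user": "alice", "app_name": "Google Docs", "client_id": "trusted-docs-client.example",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"user": "bob", "app_name": "Google  Docs", "client_id": "unknown-client-1.example",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
    {"user": "carol", "app_name": "Calendar Helper", "client_id": "unknown-client-2.example",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"user": "dave", "app_name": "Mail Merge Tool", "client_id": "unknown-client-3.example",
     "scopes": ["https://mail.google.com/"]},
]

if __name__ == "__main__":
    for user, client_id, reasons in review_grants(SAMPLE_GRANTS):
        print(user, client_id, "; ".join(reasons))
```

Name matching here covers only case, spacing and Unicode compatibility forms; the client ID check is what separates the genuine app from a lookalike with an identical name.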
From May 3, 2017:
A Google Docs scam that appears to be widespread began landing in users’ inboxes on Wednesday in what seemed to be a sophisticated phishing or malware attack.
The deceptive invitation to edit a Google Doc – the popular app used for writing and sharing files – appeared to be spreading rapidly, with a subject line stating a contact “has shared a document on Google Docs with you”. If users click the “Open in Docs” button in the email, it takes them to a legitimate Google sign-in screen that asks to “continue in Google Docs”.
Clicking on that link grants permission to a bogus third-party app to possibly access contacts and email, which could allow the spam to spread to additional contacts.
Are You Prepared to Fight Against Phishing?
Get started with YBS Backup & Disaster Recovery (BDR) Planning & Implementation, which can include Phishing, Ransomware, Malware and Virus Protection.
Your data is the lifeblood of your business. 78% of all businesses that experience a major loss will go out of business within the first year. You need to protect it from disaster, business emergencies, viruses, phishing, worms, and more. We can help.
“We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts,” a spokesperson said in a statement. “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.”
The company did not immediately respond to requests for comment on how many people had been affected by the attack and where it may have originated.
Numerous journalists have reported receiving the phishing email, including multiple Guardian reporters. One message to the Guardian came from a maryland.gov account associated with law enforcement and was addressed to “email@example.com”, and blind-copied the reporter. Reporters at BuzzFeed, Hearst, New York Magazine, Vice and Gizmodo Media have also reported receiving the scam.
This article originally ran in the GuardianUK by Sam Levin with most major news outlets covering the Google hack.