Last week, a major phishing attack swept the internet, using Google Docs to get at users’ passwords and credentials. The message appeared to be a Google Doc link sent from a familiar contact; when recipients clicked it, they were sent to a normal-looking Google login page where they had to enter their passwords, ostensibly before viewing the document. “The importance of this phish is not how it spread, but rather how it didn’t use malware or fake websites tricking users to give up their passwords,” said Aaron Higbee from PhishMe. “This phish worked because it tricked the user into granting permissions to a third-party application.”
Our software security experts at Security Compass created the video below to help users identify this phishing scam, and others like it, and know how to avoid falling victim to it. Watch here and follow along with the script below.
This is Json; he’s a pretty regular guy. He’s worked at CompuComp for 5 years. His company recently switched to Gmail for all of its business communications and file storage.
This is Query; she’s a pretty regular gal. She runs her own wedding photography company and primarily works from home. She uses Gmail both personally and for her business.
Both of them share documents using G-Docs. Both of them got hacked without even knowing it.
Json received an email from his manager. It looked like this. Query received an email from one of her current clients; it looked like this.
Not So Easy to Spot
This phishing attack wasn’t as easy to spot because it came from someone in your contacts, and the email contained a Google Docs link that showed no signs of being suspicious.
How it spreads
Once you click on the Google Docs link, it will ask which Google account you want to authorize.
Then it will ask permission to access your contact list and send e-mail on your behalf. Once allowed, you’ll help spread the attack further. Your contacts will get a similar phishing e-mail coming from you which they will most likely view as trustworthy.
Ways to protect yourself
Check the authenticity of the app requesting authorization by clicking Developer info on the consent screen. Verify that the redirect link points where the app claims it does and is not malicious. Don’t grant permissions to apps that seem suspicious.
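The two checks above (who the developer really is, and which permissions the app is asking for) can be written down as a small triage routine. The example below is added here and is not code from Security Compass or from Google; it models the consent screen as a plain dictionary, and every app name, developer address and redirect URL in it is constructed for the demo. The scope strings and Google-owned domain suffixes are real, but the list of "high-risk" scopes is this example's own judgement, not a Google classification.

```python
"""Triage a Google OAuth consent request before granting it.

Mirrors the advice in the article: look at the developer info / redirect
target to see who the app really is, and look at the requested scopes to see
what it could do with the grant. All sample values below are constructed.
"""
from urllib.parse import urlparse

# Scopes that together let a third-party app read the contact list and send
# mail as the user, which is exactly what the 2017 Google Docs worm needed in
# order to propagate. (Real scope strings; the "high-risk" grouping is ours.)
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",                        # full Gmail access
    "https://www.googleapis.com/auth/gmail.send",      # send mail as the user
    "https://www.googleapis.com/auth/contacts",        # read/write contacts
    "https://www.googleapis.com/auth/contacts.readonly",
}

# Domains Google actually owns; an app that calls itself "Google Docs" but
# redirects somewhere else is impersonating Google.
GOOGLE_OWNED_SUFFIXES = ("google.com", "googleapis.com", "googleusercontent.com")


def host_is_google_owned(hostname):
    """True if hostname is one of Google's domains or a subdomain of one."""
    h = (hostname or "").lower().rstrip(".")
    return any(h == s or h.endswith("." + s) for s in GOOGLE_OWNED_SUFFIXES)


def triage_consent(screen):
    """Return (verdict, reasons) for a consent screen.

    screen: dict with app_name, developer_email, redirect_uri, scopes (list).
    verdict: "deny", "review" or "allow".
    """
    reasons = []
    name = screen.get("app_name", "")
    claims_google = "google" in name.lower()
    redirect_host = urlparse(screen.get("redirect_uri", "")).hostname or ""
    dev_domain = screen.get("developer_email", "").rpartition("@")[2].lower()

    # Check 1: developer info / redirect target must match the claimed identity.
    impersonation = False
    if claims_google and not host_is_google_owned(redirect_host):
        impersonation = True
        reasons.append(f"app calls itself '{name}' but redirects to "
                       f"{redirect_host or '<no redirect_uri>'}")
    if claims_google and dev_domain and not host_is_google_owned(dev_domain):
        impersonation = True
        reasons.append(f"developer e-mail domain '{dev_domain}' is not Google's")

    # Check 2: which permissions would the grant actually hand over?
    risky = sorted(set(screen.get("scopes", [])) & HIGH_RISK_SCOPES)
    if risky:
        reasons.append("requests contact/mail scopes: " + ", ".join(risky))

    if impersonation and risky:
        return "deny", reasons        # looks like the worm: fake identity + spread capability
    if impersonation or risky:
        return "review", reasons      # one red flag; a human should look before clicking Allow
    return "allow", reasons


# Constructed consent screens for the demo (not real apps or domains).
PHISH_SCREEN = {
    "app_name": "Google Docs",
    "developer_email": "shared-docs@docs-share.example",
    "redirect_uri": "https://docs-share.example/oauth/callback",
    "scopes": ["https://mail.google.com/",
               "https://www.googleapis.com/auth/contacts"],
}
CRM_SCREEN = {   # legitimate-looking vendor that nonetheless wants the contact list
    "app_name": "Acme CRM Sync",
    "developer_email": "oauth@acme.example",
    "redirect_uri": "https://acme.example/oauth2/callback",
    "scopes": ["https://www.googleapis.com/auth/contacts.readonly"],
}
CALENDAR_SCREEN = {
    "app_name": "Acme Calendar Sync",
    "developer_email": "oauth@acme.example",
    "redirect_uri": "https://acme.example/oauth2/callback",
    "scopes": ["https://www.googleapis.com/auth/calendar.readonly"],
}

if __name__ == "__main__":
    for screen in (PHISH_SCREEN, CRM_SCREEN, CALENDAR_SCREEN):
        verdict, reasons = triage_consent(screen)
        print(f"{screen['app_name']}: {verdict}")
        for r in reasons:
            print("  -", r)
```

The point of the "deny" rule is that neither signal alone is conclusive: plenty of legitimate integrations need contact or mail scopes, and a non-Google redirect is normal for any third-party app. It is the combination of a Google-branded name with a non-Google developer and redirect, plus the scopes needed to mail every contact, that reproduces the worm's profile.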
Fortunately, Google added security measures to prevent a similar attack from happening in the future.
If you want to learn more about security awareness and defending techniques, take a look at some of the other courses we offer.