The extra-tricky phishing email has been sent to millions of Gmail users, and it’s getting results.
As we’ve always said, “Don’t click the link in your email!” Well, this particular scam is catching people off guard. So let’s take a look at the Google Docs phishing scam.
First: It looks like it came from a trusted source.
Situation: It’s not unusual for phishing scams to appear as though they came from a trusted source, and in this case it probably did come from a friend of yours who had already been hit by the scam.
Second: It provides you with a link/file and asks you to click or open the file.
Situation: In this case the attacker (your friend) says he’s shared a document with you. Everything looks legitimate, because there’s an “Open in docs” button, as you would normally see if someone was sharing a document. This is the point where you should STOP and contact the sender directly to make sure this is a legitimate file.
Third: The link/file. Clicking it, opening it.
Situation: Here’s where it gets really creative. If you click the “Open in Docs” button, it takes you to an actual Google-hosted page (or overlay) with a list of your actual accounts. It does this because the file it wants you to open is actually an application, not a document, and Google is asking you to give this application permissions. So it wants to know which account you’d like to grant this application permissions to.
Fourth: The outcome.
Situation: After selecting the account, you’ll see another Google overlay that asks if you’d like to grant “Google Docs” access to your Gmail account. If you clicked yes to everything and you just didn’t catch it in time... it’s too late. The app then emails itself to EVERYONE in your contact list.
The buzzword around this phishing attack has been “sophisticated,” and everyone seems to agree. The biggest problem in detecting it is that Google Docs is a semi-trusted means of sharing documents among Gmail users, which is why it’s so hard to believe that Google permitted an app to be registered under the name “Google Docs.” It was a bit careless on their part. The phishing scam works because, if you want to open the Google Doc, you’re going to assume that Google Docs might need permissions to read your Gmail and personal account info in order to open the doc. The “sophisticated” part is that you’re not transported to a strange URL. You stay within the comfort zone of Google, which gives you a false sense of security. The second part is the name of the app, “Google Docs.” It’s familiar, and you’ve probably used it before, so it must be fine. While it may not be safe, and we’re still determining how much damage this malware will do, it is very “sophisticated.”
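The two warning signs described above, a third-party app wearing a first-party name and a request for mail and contact access that opening a document never needs, can be checked mechanically. The following is an added example written for this post, not code from the original or from Google: a small reviewer for OAuth consent prompts, as an admin might apply it to the third-party app grants seen in an organisation. The field names on ConsentRequest, the choice of which scopes count as high impact, and the sample prompts (with placeholder domains) are assumptions constructed for the example; the scope URIs themselves are real Google scopes.

```python
import re
from dataclasses import dataclass

# Display names that only a first-party Google product could legitimately use.
# A real Google product never appears as a third-party app asking for delegated
# access, so a consent prompt carrying one of these names is itself the alarm.
PROTECTED_NAMES = {"google docs", "google drive", "google sheets", "gmail", "google"}

# Real Google OAuth scope URIs; treating exactly this set as "high impact"
# (read or send mail, read the address book) is an assumption of the example.
HIGH_IMPACT_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/contacts.readonly",
    "https://www.googleapis.com/auth/contacts",
}


@dataclass(frozen=True)
class ConsentRequest:
    """What a reviewer can see about one consent prompt (field names assumed)."""
    app_name: str          # display name shown on the prompt, chosen by the app author
    publisher_domain: str  # verified owner domain of the registered OAuth client
    scopes: tuple          # scopes the client asks the user to grant


def normalise(name: str) -> str:
    """Lower-case and collapse punctuation/whitespace so 'Google-Docs' matches 'google docs'."""
    return re.sub(r"[^a-z0-9]+", " ", name.lower()).strip()


def review_consent(req: ConsentRequest) -> list:
    """Return (code, detail) findings for one consent request."""
    findings = []
    name = normalise(req.app_name)
    google_owned = req.publisher_domain.lower().endswith("google.com")
    if name in PROTECTED_NAMES:
        findings.append(("IMPERSONATION", f"'{req.app_name}' is a first-party product name"))
    elif ("google" in name or "gmail" in name) and not google_owned:
        findings.append(("BRAND_LOOKALIKE", f"'{req.app_name}' published by {req.publisher_domain}"))
    risky = sorted(s for s in req.scopes if s in HIGH_IMPACT_SCOPES)
    if risky:
        findings.append(("HIGH_IMPACT_SCOPE", ", ".join(risky)))
    return findings


def verdict(req: ConsentRequest) -> str:
    """'block' when a spoofed name is paired with mail/contact access,
    'review' for any other finding, 'allow' when nothing was flagged."""
    codes = {code for code, _ in review_consent(req)}
    spoofed = codes & {"IMPERSONATION", "BRAND_LOOKALIKE"}
    if spoofed and "HIGH_IMPACT_SCOPE" in codes:
        return "block"
    return "review" if codes else "allow"


# Constructed sample prompts (not real clients); the domains are placeholders.
SAMPLE_PHISH = ConsentRequest(
    app_name="Google Docs",
    publisher_domain="not-really-google.example",
    scopes=("https://mail.google.com/", "https://www.googleapis.com/auth/contacts"),
)
SAMPLE_MAIL_TOOL = ConsentRequest(
    app_name="Mail Merge Helper",
    publisher_domain="mailmerge.example",
    scopes=("https://www.googleapis.com/auth/gmail.send",),
)
SAMPLE_BENIGN = ConsentRequest(
    app_name="Acme Calendar Sync",
    publisher_domain="acme.example",
    scopes=("https://www.googleapis.com/auth/calendar.readonly",),
)

if __name__ == "__main__":
    for req in (SAMPLE_PHISH, SAMPLE_MAIL_TOOL, SAMPLE_BENIGN):
        print(f"{req.app_name!r}: {verdict(req)}")
        for code, detail in review_consent(req):
            print(f"    {code}: {detail}")
```

The point of the two-part verdict is the one the post makes: neither signal alone is conclusive (a mail-merge tool legitimately needs to send mail), but a first-party product name on a third-party consent screen combined with mail and contact access is exactly the shape of this worm, and is worth blocking outright rather than leaving to the user's judgement.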
Google has responded to the attack, and if you haven’t seen it by now, you probably won’t.
So again, don’t click links or files or anything from an email. If you’ve confirmed with the sending party that they have indeed sent you a document, then you’ll probably be fine. But if you received a file, link, whatever... unsolicited, then you probably should just delete it. Or contact the sender and see if they did in fact send it.
Stay vigilant, stay aware, and good luck.