Cyber Attack g

Published on May 12th, 2017 | 1,102 views Post Views

Sophisticated Phishing Attack Targets Google Docs Users

On Wednesday afternoon, social media flooded with news of a new Phishing attack targeting users of Google Docs. The attack was quick, smart on getting the victim to grant permissions Google Docs by scattering to the victim’s contacts.

Fortunately, the attack did not last long, thanks to the efforts of thoughtful users, Google, and Cloudflare.

Officially, after the news spread, Google issued a brief statement on the attack via Twitter:

“We have taken action to protect users against an email impersonating Google Docs & have disabled offending accounts. We have removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this spoofing from happening again. We encourage users to report phishing emails in Gmail.”

The phishing emails, which spread for about three hours before Google blocked them, invited the receiver to open what appeared to be a Google Doc. The attacker used a blue box that said, “Open in Docs.”

Actuality, the appealing fact about the link led to a fake app that asked users for permission to access their Gmail account which was unique and people have not seen such technique in years.

The key variant between this and a traditional email phishing techniques is that this does not just redirect you to a false Google page and gather your password or something you could notice by checking the page URL. It works within Google’s system but takes benefit of the fact that you can create a non-Google web app with an ambiguous name. Here’s what the permissions screen looks like, for example:

This attack started moving fast. At the peak, the attack was generating about 155 messages per minute, around 3:15 p.m. EST on Wednesday. However, forty-five minutes later, the volume dropped off completely. Moreover, it took all over the internet, and people started to post about this attack and spreading awareness

Share on Facebook0Share on Google+1Tweet about this on TwitterShare on Reddit0Email this to someonePrint this pageShare on StumbleUpon0Digg thisPin on Pinterest0Share on LinkedIn0












Leave a Reply

Your email address will not be published. Required fields are marked *

Back to Top ↑

You Might Also Like:
Nathan: Android Emulator for Mobile Security Testing Tool

Nathan: Android Emulator for Mobile Security Testing Tool Nathan is a 5.1.1 SDK 22 AOSP Android emulator customized to perform...

Close