A sweeping campaign of phishing emails masquerading as an invitation to a shared Google Doc compromised a large number of Google accounts on Wednesday, using each victim's contact list to spread the attack further.
On Wednesday afternoon, the Internet lit up with reports of phishing emails disguised as invites to a shared document in Google Docs. In many cases, the email appeared to be sent from someone the recipient actually knew — another victim of the attack who had already had their account compromised.
They also resembled a genuine Google Docs invite perfectly, with the lone exception that the recipient was listed as “hhhhhhhhhhhhhhhh at mailnator.com.”
After clicking “Open in Docs,” however, victims were asked to grant access to their account to a fake app named “Google Docs,” which promptly used that access to raid the victim’s contact list and send out identical phishing emails, replicating the attack.
Google reacted swiftly to the attack by shutting down the rogue app and adding warnings to suspected phishing emails. But with an untold number of accounts already compromised, the fallout from this attack could be far from over.
What to do:
- Tell your users not to click on any Google Docs invitations they received on Wednesday.
- If they suspect their Google account may have been compromised: Tell them to go to https://myaccount.google.com/u/0/permissions to check what apps have authorized access. If they see a “Google Docs” app authorized on Wednesday they should remove it as well as any other apps they don’t recognize.
- Make sure you’re prepared for additional phishing emails from compromised accounts by reminding users to be on high alert and by ensuring you have the right malware protection in place.
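One way to carry out the second step across a whole organization rather than one user at a time, as an added example that is not part of the original post: triage an inventory of OAuth grants for the pattern this worm used (a third-party app calling itself “Google Docs” and holding contacts or mail scopes). It assumes records shaped like the Google Admin SDK Directory API `tokens.list` response (fields `userKey`, `clientId`, `displayText`, `scopes`); the users, client IDs and grants below are constructed sample data.

```python
# Triage OAuth grants for apps impersonating first-party Google products.
# Added example (not Barkly's code). Record shape assumed to match the
# Admin SDK Directory API tokens.list response; all sample data is constructed.

# Names only Google's own products use; a third-party grant carrying one of
# these display names is impersonating a first-party app.
FIRST_PARTY_NAMES = {"google docs", "google drive", "google sheets", "gmail"}

# Scopes that let an app read contacts and send mail on the victim's behalf,
# which is all the worm needed to propagate itself.
HIGH_RISK_SCOPES = {
    "https://www.googleapis.com/auth/contacts",
    "https://www.googleapis.com/auth/contacts.readonly",
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.send",
}

# Constructed sample inventory: one compromised user, one benign grant, and
# one legitimate integration that happens to need contacts access.
SAMPLE_TOKENS = [
    {"userKey": "alice@example.com", "clientId": "CONSTRUCTED-CLIENT-ID-1",
     "displayText": "Google Docs",
     "scopes": ["https://www.googleapis.com/auth/contacts",
                "https://mail.google.com/"]},
    {"userKey": "bob@example.com", "clientId": "CONSTRUCTED-CLIENT-ID-2",
     "displayText": "Slack",
     "scopes": ["https://www.googleapis.com/auth/userinfo.email"]},
    {"userKey": "carol@example.com", "clientId": "CONSTRUCTED-CLIENT-ID-3",
     "displayText": "CRM Contact Sync",
     "scopes": ["https://www.googleapis.com/auth/contacts.readonly"]},
]


def triage_tokens(tokens, allowed_client_ids=frozenset()):
    """Return (userKey, clientId, reason) for every grant that should be reviewed
    and revoked. Client IDs on the allow list (vetted integrations) are skipped."""
    findings = []
    for t in tokens:
        if t.get("clientId") in allowed_client_ids:
            continue
        name = t.get("displayText", "").strip().lower()
        risky = set(t.get("scopes", [])) & HIGH_RISK_SCOPES
        reasons = []
        if name in FIRST_PARTY_NAMES:
            reasons.append("third-party grant named like a Google product")
        if risky:
            reasons.append("high-risk scopes: " + ", ".join(sorted(risky)))
        if reasons:
            findings.append((t["userKey"], t["clientId"], "; ".join(reasons)))
    return findings
```

Grant timestamps are not part of the token record, so the "authorized on Wednesday" check from step 2 still has to be made on the user's permissions page or in the admin audit log.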
Get the full details on the phishing campaign in our latest blog post (Barkly’s