Google Docs phishing: No one is safe, not even Google

Not even Google can be safe from phishing attempts. The other night, many received an email to access a shared document on Google Docs: the email came from known contacts and looked real at a glance.

Obviously, it was not. The button that called you to access the document had an URL that was incredibly similar to a real address. The design was indistinguishable from a normal Google Docs message. And if you accepted, you were taken to a page asking to grant access to your account by an app called “Google Docs” … which is the name of the real Google platform for document sharing. Once inside your account, the attack would propagate to all of your contacts and start all over again with new victims.

Google has promptly excluded this fake Google Docs app from apps authorized to access Google accounts, as well as strengthened Chrome and Gmail security to identify and counter this phishing scourge. For your own safety, avoid opening emails containing shared Google documents without checking their authenticity from your contacts, and from time to time check out which apps have access to your account.

Posted in:

Leave a Reply

Your email address will not be published. Required fields are marked *