Hackers have devised a lethal way to carry out phishing using Google Docs. Rather than the usual pranks, they have found a way of carrying out phishing using Google Docs and with an address someone knows. If an email just dropped into your inbox from one of your contacts sharing a Google Doc, refrain from opening it since it’s a trap.
The anatomy of the attack looks like this:
- You receive an email suggesting someone shared a Google Doc with you. Most likely, it would be someone from your contact list to reduce the level of suspicion.
- Upon opening the fake document, the link will send you to a page where you will be required to select the Google account you want to use.
- The next page will need you to give several permissions to access your Google document. If you have used Google Docs for a while, you know that this stage is never there. What is happening is that you are giving a hacker permissions to use your account to carry out an attack on yourself and others.
- When you approve of the permissions, it will replicate itself by sending the same phishing email to your contacts.
Since you would have given the hacker full access to your account, any two-factor authentication or login alerts are overlooked as the hacker has the same access to your account as yourself. They can use your email to send out other phishing messages to other people. Even more dangerous is that they can use the account to reset passwords for most of your online accounts from PayPal to other email addresses.
If you have read this before getting the email, count yourself lucky. If you already clicked the link, start by revoking access to the link. Also, if your email address has been used to send out phishing messages to your contacts, make sure you follow up by sending them the mail explaining what is going on. While Google has stepped in and disabled the link, it has already spread to several Gmail users.
Google utilized the Twitter platform to share their stance and update on this massive attack.