A Massive Google Docs Hack is Spreading like Wildfire
Phishing has been in the news for a while now. Last we heard, it was PayPal customers who had been affected by this kind of scam. This time it is the most efficient and popular email service that has come under the phishing scanner: Gmail, it seems, has been hit by a widespread phishing scam. In a very sophisticated attack, you may receive a phishing message disguised as an official mail. The message says that someone wants to share a Google Doc with you. As a Google Docs user, you would know that with the doc you give access to manage your mail and your contacts. That is all the person behind the phishing attack wants. In one incident, after the phishing attack, a spam mail was sent from the victim’s account to everyone in his contact list.
What happens in the phishing attack?
A mail arrives in your inbox from someone posing as a person you know and have interacted with. This email account shares a Google Doc with you and asks you to open the link. Because you are used to receiving such emails, you are unlikely to question whether this one is genuine.
Step-by-step instructions are given to link the Google Doc to your email and contacts. If you follow them, you open your inbox to the attackers, who can then attack and spam other people through it. The appearance is so genuine that you tend to go along with it.
It is quite widespread, and chances are it has reached the Senate too, though it is yet to be known how far and wide it has spread within the Senate.
The app to which you are directed on opening the link looks quite similar to Google Docs, but in reality it is not Google Docs, and you have become the victim of the scam. The idea is to get hold of your credit card and other financial details. According to a few screenshots shared by people, there is another email address marked in the mail, which is firstname.lastname@example.org; mailinator is basically a disposable email service.
What to do when this phishing scam hits you?
Like everyone, you would rather the phishing scam did not hurt you or make you vulnerable. This is why you need to read the email carefully before clicking on the link:
- Read the contents of the email, and see whether the Google Doc link is being sent to you from some official source.
- Check whether you have been marked in “to” or in “bcc”. The phishing scam mails are generally marked in “bcc”.
- Check for the only other email address in the email. If it is email@example.com, then don’t click on the link: this is an indication that the mail is a phishing scam and not something genuine.
- If you have given some app permissions to Google Docs, revoke them with immediate effect by visiting https://myaccount.google.com/permissions
If you are not expecting any Google Doc in your email, refrain from clicking the link. This would save you a lot of effort and time.
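The "to"/"bcc" and disposable-address checks from the list above can be automated over a saved message. The following is an added example, not part of the original article; the function names, the sample messages, the placeholder addresses and the one-entry domain list are all constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: local list of disposable-mail domains (the article names mailinator).
DISPOSABLE_DOMAINS = {"mailinator.com"}

def is_disposable(address):
    """True if the address is on a listed disposable domain or a subdomain of one."""
    domain = address.rpartition("@")[2].lower()
    return any(domain == d or domain.endswith("." + d) for d in DISPOSABLE_DOMAINS)

def triage(raw_message, my_address):
    """Return findings for the header checks described in the list above."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    visible = [addr.lower() for _, addr in getaddresses(headers) if addr]
    findings = []
    # Check 1: we received the mail but are not in To/Cc, so we were Bcc'd.
    if my_address.lower() not in visible:
        findings.append("recipient only in bcc")
    # Check 2: every visible recipient sits on a disposable mail service.
    if visible and all(is_disposable(a) for a in visible):
        findings.append("visible recipient on disposable domain")
    return findings

# Constructed sample: a share notice addressed to a disposable mailbox.
SAMPLE_SUSPECT = """\
From: Known Contact <known.contact@example.net>
To: placeholder@mailinator.com
Subject: Known Contact has shared a document on Google Docs with you

Open in Docs
"""

# Constructed sample: an ordinary mail addressed directly to the reader.
SAMPLE_BENIGN = """\
From: Colleague <colleague@example.net>
To: Me <me@example.net>
Subject: Meeting notes

See attached.
"""

if __name__ == "__main__":
    for name, raw in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(name, triage(raw, "me@example.net"))
```

A finding here is a reason to leave the link alone and look more closely, not proof on its own; legitimate mailing lists also deliver via Bcc.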