A sophisticated phishing attack emerged on Wednesday, 05/03/2017, disguising itself as what appears to be a Google Doc. The sender invites you to open the document in Google Docs, which in turn redirects you to a page that looks identical to the Google sign-in screen. This is not the sign-in screen. What you’re redirected to is a third-party web app that looks exactly like Google and has simply been named “Google Docs”! As a rule of thumb, you should always check where the mail is actually being sent from before opening ANY document, and this is a prime example of why.
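As an added illustration of the “check where the mail is being sent from” advice (this is example code, not part of the original post), the snippet below parses a message’s sender headers and flags the two things worth a second look before opening anything: a display name that claims to be Google while the actual address is on some other domain, and a bounce or reply address on a domain different from the From address. Both sample messages are constructed for the example, and the set of trusted Google domains is an assumption for illustration.

```python
"""Sender-header sanity check for shared-document emails.

Added example, not code from the original post. The sample messages below are
constructed, and TRUSTED_GOOGLE_DOMAINS is an assumed allow-list for illustration.
"""
from email import message_from_string
from email.utils import parseaddr

# Assumption for the example: domains we accept as genuinely Google's.
TRUSTED_GOOGLE_DOMAINS = {"google.com", "docs.google.com"}

# Constructed suspicious sample: display name says "Google Docs", but the
# address and the bounce path are on unrelated domains.
SUSPICIOUS_RAW = """From: Google Docs <docs-share@example-notgoogle.test>
Return-Path: <bounce@mailer-relay.test>
Reply-To: docs-share@example-notgoogle.test
To: you@yourcompany.test
Subject: A document has been shared with you

Open in Docs
"""

# Constructed benign sample: display name and all addresses agree on google.com.
BENIGN_RAW = """From: Google Docs <share-noreply@google.com>
Return-Path: <share-noreply@google.com>
To: you@yourcompany.test
Subject: A document has been shared with you

Open in Docs
"""


def domain_of(header_value):
    """Return the lower-cased domain part of an address header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def check_sender(raw_message):
    """Return a list of findings about the sender headers of one message.

    An empty list means none of the heuristics fired; it does not prove the
    mail is genuine, since From and display names are trivially forgeable.
    """
    msg = message_from_string(raw_message)
    findings = []

    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))

    # 1. Display name impersonates Google but the address does not belong to Google.
    if "google" in display_name.lower() and from_domain not in TRUSTED_GOOGLE_DOMAINS:
        findings.append(
            f"display name '{display_name}' claims Google, but From domain is '{from_domain}'"
        )

    # 2. Bounce path on a different domain than the visible sender.
    rp_domain = domain_of(msg.get("Return-Path"))
    if rp_domain and rp_domain != from_domain:
        findings.append(
            f"Return-Path domain '{rp_domain}' differs from From domain '{from_domain}'"
        )

    # 3. Replies would go to a different domain than the visible sender.
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        findings.append(
            f"Reply-To domain '{reply_domain}' differs from From domain '{from_domain}'"
        )

    return findings


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_RAW), ("benign", BENIGN_RAW)):
        print(f"{label}:")
        for finding in check_sender(raw) or ["no findings"]:
            print("  -", finding)
```

These are heuristics, not authentication: a forged From header can match any allow-list. Where you have access to the full headers, the Authentication-Results header (SPF, DKIM and DMARC verdicts added by your receiving mail server) is the stronger signal, and a “Google Docs” display name on a message that fails DMARC for google.com is a clear stop sign.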
What should you do if you’ve already clicked on the link? We don’t know exactly what the phishing attack is pulling if you grant it permissions to your account, but here’s what you should do to minimize damage as best you can.
- Change your password(s): Immediately change the password on your Google accounts and on any other account that uses the same or a similar password. It is good practice to change your passwords on a semi-regular basis anyway.
- Revoke permissions: If you’ve clicked the link, you can revoke the app’s future access by going through Google’s Connected Apps and Sites, where it appears as “Google Docs”.
- Report to Google: Whenever an attack such as this occurs, it’s always smart to report it to the service provider. This way they can either work on resolving the issue or walk you through the steps to resolve it yourself.
Fortunately, Google jumped right on this after it was reported yesterday afternoon and has released the following statement:
“We realize people are concerned about their Google accounts, and we’re now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1% of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.”
If you have any additional questions on how to best protect yourself from attacks such as this, please don’t hesitate to contact us. We’ll be happy to walk you through best practices for securing your and your company’s data.