A massive phishing attack is now targeting hundreds of Gmail accounts, masquerading as a Google Doc file and gaining access to users’ contact lists.
The phishing attack requests Gmail users to allow ‘Google Docs’ to access their e-mail accounts, and proceeds to spam users further after taking control.
While hundreds of Gmail users have received such e-mails, including a lot of journalists, it seems that the hackers behind the phishing attack are only interested in gaining access to e-mail accounts and sending spam messages instead of infiltrating malware in such accounts.
Hackers behind the operation are using a web app named ‘Google Docs’ which has nothing to do with Google but gives users the impression that they are giving access permissions to the original Google programme. The e-mails sent out by the hackers are addressed to “firstname.lastname@example.org” with recipients finding their e-mails in the bcc sections. Once a gullible Gmail user accepts the authorisation request, his/her e-mail ID is then used to send similar e-mails to everyone in his/her contacts list.
If you’ve mistakenly authorised ‘Google Docs’ to access your account, you can revoke the permission in your Google account permissions page to stop the malicious app from accessing your contact list or spamming you any further.
“There’s a very clever phishing scam going around at the moment – originally thought to be targeting journalists given the sheer number of them mentioning it on their Twitter feeds, it’s also been slinging its way across unrelated mailboxes – from orgs to schools / campuses,” sai Christopher Boyd, malware intelligence analyst at Malwarebytes to The Register.
“This doesn’t mean it didn’t begin with a popped journo mailbox and spread its way out from there, or that someone didn’t intentionally send it to a number of journalists of course – but either way, this one has gone viral and not in a ‘look at the cute cat pic’ fashion,” he added.
Google has since taken cognizance of the issue and has confirmed that it has removed the fake pages and disabled accounts to stop the phishing attack from spreading further. “We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail,” said a Gmail spokesperson.
Google has finally elaborated on the significance of the phishing attack and has released a detailed note on how it has curtailed the same. The company’s statement reads as below:
“We realize people are concerned about their Google accounts, and we’re now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1% of Gmail users.
“We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.”
Last year, Google strengthened the Safe Browsing feature in Gmail by introducing a full-page warning with instructions to advise users on how to stay secure if state-sponsored attackers are suspected to be attempting to compromise their accounts, building on the existing warning messages. If users click on potentially dangerous links in their emails, they will see a full-page Safe Browsing message to warn them that the destination may be harmful.