Google Users Hit with Possibly the Most Effective Phishing Scam Yet
If you are a Google Mail user, be on the lookout for an unprompted document share invite. It may be part of a sophisticated phishing attempt.
Several journalists, security professionals and people from other industries have reported receiving invitations to edit a Google document. The e-mail comes from “firstname.lastname@example.org” with the recipients on BCC. When clicked, the document link leads to an OAuth consent page that asks for permissions on the user’s Gmail account.
I got this today too, probably don't open that one… https://t.co/tE3y5YR2Nx
— Troy Hunt (@troyhunt) May 3, 2017
The phish is particularly nefarious because it multiplies: it tricks users into granting it permissions to their entire Google Mail account, including access to contacts as well as reading and sending e-mail, and then replicates itself by sending the same invite to every address in the victim’s Google contacts.
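The combination that makes the phish self-replicating is visible in the OAuth request itself: an app that is allowed to send mail and to read contacts can re-send the invite from each new victim. The script below is an added example, not code from the article, showing how to pull the scope list out of a Google OAuth authorization URL before clicking “Allow” and classify what it would hand over. The scope URIs and the accounts.google.com endpoint are Google’s real ones; the client id, redirect URI and risk labels are constructed for the example. The app name shown on the consent screen is chosen by whoever registered the app, so the scope list and client id are the fields worth reading.

```python
from urllib.parse import urlparse, parse_qs

# Real Google OAuth scope URIs; the descriptions are this example's own labels.
SENSITIVE_SCOPES = {
    "https://mail.google.com/": "full access: read, send and delete mail",
    "https://www.googleapis.com/auth/gmail.readonly": "read all mail",
    "https://www.googleapis.com/auth/gmail.send": "send mail as the user",
    "https://www.googleapis.com/auth/contacts": "read and modify contacts",
    "https://www.googleapis.com/auth/contacts.readonly": "read contacts",
}
SEND_SCOPES = {"https://mail.google.com/", "https://www.googleapis.com/auth/gmail.send"}
CONTACT_SCOPES = {"https://www.googleapis.com/auth/contacts",
                  "https://www.googleapis.com/auth/contacts.readonly"}


def parse_consent_request(url):
    """Split a Google OAuth authorization URL into client_id, redirect_uri and its scope set."""
    query = parse_qs(urlparse(url).query)
    scopes = set()
    for raw in query.get("scope", []):
        scopes.update(raw.split())  # the scope parameter is a space-delimited list
    return {
        "client_id": query.get("client_id", [""])[0],
        "redirect_uri": query.get("redirect_uri", [""])[0],
        "scopes": scopes,
    }


def assess_consent_request(url):
    """Describe what granting this request would hand over and whether it is wormable."""
    req = parse_consent_request(url)
    scopes = req["scopes"]
    risky = {s: SENSITIVE_SCOPES[s] for s in scopes if s in SENSITIVE_SCOPES}
    # Send mail + read contacts is the pair that lets an app re-send itself from
    # each victim to all of that victim's contacts.
    wormable = bool(scopes & SEND_SCOPES) and bool(scopes & CONTACT_SCOPES)
    return {**req, "risky": risky, "wormable": wormable}


# Constructed sample requests: client id, redirect URI and state are placeholders.
WORM_LIKE_REQUEST = (
    "https://accounts.google.com/o/oauth2/v2/auth"
    "?client_id=EXAMPLE-CLIENT-ID.apps.googleusercontent.com"
    "&redirect_uri=https%3A%2F%2Fexample.org%2Fcallback"
    "&response_type=code"
    "&scope=https%3A%2F%2Fmail.google.com%2F%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcontacts"
    "&state=abc123"
)
SIGN_IN_REQUEST = (
    "https://accounts.google.com/o/oauth2/v2/auth"
    "?client_id=EXAMPLE-CLIENT-ID.apps.googleusercontent.com"
    "&redirect_uri=https%3A%2F%2Fexample.org%2Fcallback"
    "&response_type=code&scope=openid%20email&state=abc123"
)

if __name__ == "__main__":
    for name, url in (("worm-like", WORM_LIKE_REQUEST), ("sign-in only", SIGN_IN_REQUEST)):
        result = assess_consent_request(url)
        print(f"{name}: client_id={result['client_id']} wormable={result['wormable']}")
        for scope, label in result["risky"].items():
            print(f"  {scope}: {label}")
```

A plain sign-in request (`openid email`) is flagged with nothing; a request carrying both a mail-sending scope and a contacts scope is reported as wormable regardless of what the consent screen calls the app.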
Luckily, someone posted this phish to the /r/Google sub-Reddit with detailed information. Within minutes an anonymous “Googler” responded that the issue was being escalated within Google, and within another half hour it was reported as resolved.
If you have received an e-mail like this and clicked the option to give OAuth permission to your Google Mail account, here’s what to do:
- Review which apps have access to your account immediately, and remove any you do not recognize.
- Check your e-mail Sent folder for any outgoing messages that you do not recognize.
- If you find any, tell those recipients about the phish and what to do; the first measure is not to click “Open in Docs.”
- It’s also a good idea to inform the person who sent you the original invite that their e-mail has been compromised.
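The four steps above amount to a small triage: find the grant that should not be there, find the mail the account sent on its own, and build the list of people to warn. The script below is an added example, not from the article, that runs that triage over a constructed export of account grants and sent-folder metadata. Field names (`app`, `client_id`, `scopes`, `granted_at`, `bcc`, `sent_at`), the app names, addresses and the 20-recipient BCC threshold are all assumptions made for the example; the scope URIs are Google’s real ones.

```python
from datetime import datetime, timezone

# Real Google scope URIs that give an app mail or contact access.
SENSITIVE_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/contacts",
    "https://www.googleapis.com/auth/contacts.readonly",
}


def suspicious_grants(grants, known_apps, since):
    """Step 1: grants holding a sensitive scope that are unrecognized or added after `since`."""
    flagged = []
    for g in grants:
        sensitive = sorted(set(g["scopes"]) & SENSITIVE_SCOPES)
        if sensitive and (g["app"] not in known_apps or g["granted_at"] >= since):
            flagged.append({"app": g["app"], "client_id": g["client_id"], "scopes": sensitive})
    return flagged


def suspicious_sent_mail(messages, since, bcc_threshold=20):
    """Step 2: sent messages after `since` that look like the mass-BCC document invite.

    Heuristic (constructed for this example): many BCC recipients, or an
    "invited you to edit" subject going out with any BCC recipients at all.
    """
    return [
        m for m in messages
        if m["sent_at"] >= since
        and (len(m["bcc"]) >= bcc_threshold
             or ("invited you to edit" in m["subject"].lower() and m["bcc"]))
    ]


def recipients_to_notify(flagged_messages):
    """Step 3: distinct addresses the invite went to, in order of first appearance."""
    seen, out = set(), []
    for m in flagged_messages:
        for addr in m["to"] + m["bcc"]:
            if addr not in seen:
                seen.add(addr)
                out.append(addr)
    return out


# Constructed sample data: a benign calendar grant from last year and an
# unrecognized app that gained mail + contacts access on the day of the incident.
UTC = timezone.utc
INCIDENT_START = datetime(2017, 5, 3, tzinfo=UTC)
KNOWN_APPS = {"My Calendar Client"}
GRANTS = [
    {"app": "My Calendar Client", "client_id": "known-client-id",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"],
     "granted_at": datetime(2016, 1, 10, tzinfo=UTC)},
    {"app": "Doc Invite App", "client_id": "UNKNOWN-CLIENT-ID",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"],
     "granted_at": datetime(2017, 5, 3, 14, 5, tzinfo=UTC)},
]
SENT_MAIL = [
    {"subject": "Re: lunch", "to": ["colleague@example.net"], "bcc": [],
     "sent_at": datetime(2017, 5, 2, 9, 0, tzinfo=UTC)},
    {"subject": "Someone has invited you to edit a document",
     "to": ["invite-sink@example.org"],
     "bcc": [f"contact{i}@example.net" for i in range(25)],
     "sent_at": datetime(2017, 5, 3, 14, 6, tzinfo=UTC)},
]

if __name__ == "__main__":
    for g in suspicious_grants(GRANTS, KNOWN_APPS, INCIDENT_START):
        print("revoke:", g["app"], g["client_id"], g["scopes"])
    flagged = suspicious_sent_mail(SENT_MAIL, INCIDENT_START)
    print("notify", len(recipients_to_notify(flagged)), "recipients")
```

The 20-recipient threshold and the subject phrase are starting points to tune against your own sent folder; the point is that both the grant and the outbound burst are timestamped, so the time the unfamiliar app appeared tells you where in the sent folder to start looking.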
It’s not confirmed yet, but there is speculation that the e-mail accounts sending the offending spam were included in the recent Dropbox breach.