Google Docs/Gmail was targeted by a new type of phishing attack on Tuesday, aimed at millions of users, and it spread like crazy. One click or two – on what appeared to be an actual Google-hosted URL – handed the attacker the ability to read your Gmail and forwarded the phishing attack to everyone you’d ever emailed.
The phishing emails circulated for about three hours before Google stopped them and released an official statement.
“We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”
The attack was simple. A user received an email from someone they knew, who was “sharing a document”. When the user clicked the button to open the document, they saw a seemingly innocent page, one hosted by Google. It didn’t ask for a password, and it already listed all of their accounts. The page asked them to give a “Google Docs” app permission to read their email and contacts.
And that permission for the “Google Docs” app was everything the attacker needed. The app wasn’t actually Google Docs at all, just one somehow disguised under that name.
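For defenders, the pattern described above (a third-party app borrowing a first-party name while holding mail or contacts permission) can be checked in an audit of app grants. The following is an added example, not code from Google or from this article; the record fields, client IDs, trusted list and protected names are assumptions made for illustration.

```python
import unicodedata

# Assumption: product names the organisation treats as first-party brands.
PROTECTED_NAMES = {"google docs", "google drive", "gmail"}
# Assumption: scope strings counted as mail or contacts access.
SENSITIVE_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/contacts",
}
# Constructed placeholder for client IDs the organisation has verified.
TRUSTED_CLIENT_IDS = {"trusted-first-party.example"}

def normalize(name):
    """Fold case, compatibility forms and spacing so look-alike names compare equal."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())

def review_grant(grant):
    """Return the reasons a single grant resembles the attack described above."""
    reasons = []
    trusted = grant["client_id"] in TRUSTED_CLIENT_IDS
    if normalize(grant["app_name"]) in PROTECTED_NAMES and not trusted:
        reasons.append("impersonates-first-party-name")
    risky = sorted(SENSITIVE_SCOPES & set(grant["scopes"]))
    if risky and not trusted:
        reasons.append("mail-or-contacts-scope:" + ",".join(risky))
    return reasons

def flag_grants(grants):
    """Flag grants that combine a borrowed name with mail or contacts access."""
    flagged = {}
    for g in grants:
        reasons = review_grant(g)
        if len(reasons) == 2:
            flagged[(g["user"], g["client_id"])] = reasons
    return flagged

# Constructed sample records; the field names are hypothetical, not a real export format.
SAMPLE_GRANTS = [
    {"user": "alice@example.com", "app_name": "Google Docs", "client_id": "unknown-app-1.example",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
    {"user": "bob@example.com", "app_name": "Google Docs", "client_id": "trusted-first-party.example",
     "scopes": ["https://mail.google.com/"]},
    {"user": "carol@example.com", "app_name": "Calendar Helper", "client_id": "unknown-app-3.example",
     "scopes": ["https://www.googleapis.com/auth/contacts"]},
    {"user": "dave@example.com", "app_name": "\uff27OOGLE  docs", "client_id": "unknown-app-2.example",
     "scopes": ["https://www.googleapis.com/auth/gmail.readonly"]},
]
```

A grant with only one of the two signals, such as the constructed "Calendar Helper" record, is left for ordinary review rather than flagged.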
While talking to The Next Web, a Google spokesperson said that the attack affected fewer than 0.1 percent of Gmail users – and that’s roughly 1 million users.
Even though this attack has been stopped, copycats are expected to follow suit. Google is working on blocking the overall concept, but users are advised to be super wary of unsolicited and unexpected Google Doc shares.