It’s not at all a surprise that Google Mail users have today been hit by a massive phishing attack. Given the rise of attacks that abuse Google’s own platform services, such as the GOOGLE RECAPTCHA BYPASS TECHNIQUE USES GOOGLE’S OWN TOOLS and the malware CARBANAK USING GOOGLE SERVICES FOR COMMAND AND CONTROL, it was inevitable. Google make money from opening up your data and services. It was only a matter of time. Google have had data breaches before; however, this is something in an entirely new league.
The earliest information we have is that what appears to be a sophisticated and widespread phishing attack, built around a Google Docs lure, started landing in users’ inboxes today, Wednesday 3rd May.
The misleading invitation to edit a Google Doc, the popular app employed for writing and sharing files, appears to be spreading rapidly. The subject line says a contact “has shared a document on Google Docs”. When the recipient clicks “Open in Docs” in the email, it takes them to a legitimate Google sign-in screen that asks to “continue in Google Docs”.
Clicking through on that screen grants a third-party app access to your contacts and email, and enables the malware to spread to even more recipients from your contact list.
Google has said it is aware of the problem and is investigating it. Google advised users to report the email as phishing within Gmail.
“We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts,” they said. “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.”
The company has not responded to requests for comment on how many have been impacted and where it may have come from.
A number of users at media organisations have reported receiving the phishing email. One message to the Guardian came from a maryland.gov account connected with law enforcement and was addressed to “[email protected]”, with the reporter blind-copied. Users at Vice, BuzzFeed, Hearst, New York Magazine and Gizmodo Media have reported receiving the scam.
Phishing scams typically involve adverts, emails or sites that appear to be genuine and ask for private information such as Social Security numbers, passwords, usernames, bank account details or birthdays. Google says it will not send out emails asking for this kind of information, and encourages users to report questionable messages and not to click on any links in them.
As the Brink noted, Wednesday’s attack appeared to be more sophisticated than a conventional email phishing scam: rather than sending users to a bogus Google page to harvest a password, it works within Google’s own system, using a third-party web application with a deceptive name.
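As an added example (not code from the article or from Google), the check below flags consent grants of the kind described above: a third-party app whose display name borrows a Google product name, whose client id is not on a vetted list, and which has been granted mail or contact scopes. The event format and the sample events are constructed assumptions, not a real Google audit-log schema.

```python
# Constructed sample of OAuth consent-grant events (assumed format).
SAMPLE_EVENTS = [
    {"user": "alice@example.com", "app_name": "Google Docs",
     "client_id": "client-a-constructed",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts"]},
    {"user": "bob@example.com", "app_name": "Calendar Sync Tool",
     "client_id": "client-b-constructed",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"user": "carol@example.com", "app_name": "Google Drive",
     "client_id": "client-c-constructed",   # on the vetted list below
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"user": "dave@example.com", "app_name": "  google   DOCS ",
     "client_id": "client-d-constructed",
     "scopes": ["https://www.googleapis.com/auth/contacts.readonly"]},
]
# Scopes that give an app the reach described in the article: mailbox and contacts.
SENSITIVE_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/contacts",
    "https://www.googleapis.com/auth/contacts.readonly",
}
# Product names an impersonating app is likely to borrow.
GOOGLE_PRODUCT_NAMES = {"google docs", "google drive", "gmail", "google sheets"}
# Client ids the organisation has vetted (constructed placeholder list).
TRUSTED_CLIENT_IDS = {"client-c-constructed"}


def normalize_name(name):
    """Collapse case and whitespace so padded or oddly cased names still match."""
    return " ".join(name.split()).lower()


def is_suspicious(event, trusted=TRUSTED_CLIENT_IDS):
    """True when the app name mimics a Google product, the client id is not a
    vetted one, and at least one granted scope reaches mail or contacts."""
    name = normalize_name(event["app_name"])
    impersonates = any(product in name for product in GOOGLE_PRODUCT_NAMES)
    unvetted = event["client_id"] not in trusted
    sensitive = bool(SENSITIVE_SCOPES & set(event["scopes"]))
    return impersonates and unvetted and sensitive


def flag_grants(events, trusted=TRUSTED_CLIENT_IDS):
    """Return (user, client_id) pairs whose grants should be reviewed and revoked."""
    return [(e["user"], e["client_id"]) for e in events if is_suspicious(e, trusted)]
```

A flagged grant is remediated by revoking the app’s access token for that user, not just by deleting the email, since the token keeps working after the message is gone.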
A final thought: