Fear, anxiety, and mockery of people who fall for phishing attacks ran rampant on the World Wide Web Wednesday, as a phenomenally sophisticated and fast-moving phishing attack disguised as a Google Doc made its way to one million Gmail users and countless non-Gmail email accounts, according to the BBC.
While the email requests technically originated from the obviously sketchy “[email protected]” email address, the request appeared legitimate to many of the victims thanks to the bcc field being populated by the addresses of senders you’d recognize, and the title of the email request saying that someone in your address book “shared a document on Google Docs with you”.
For their part, Google claims they shut down the attack within an hour Wednesday afternoon. “We have taken action to protect users against an email impersonating Google Docs,” the service said in a tweet. “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.”
Google said in a statement to CNN that “contact information was accessed and used in the attack, but no other information was exposed.” Still, heads should perhaps roll from their folding portable massage chairs at Google’s parent company Alphabet if a non-Google, third-party service was somehow allowed into the ecosystem with the name “Google Docs”.
I'd like to share a Google Doc with you pic.twitter.com/jPOuUDNOjY — David Mack (@davidmackau) May 3, 2017
While the phishing attack appears to now be gutted, a compromised account is still a compromised account. You still need to take protective measures if your account was baited by this phishing attack, but it’s a pretty simple fix. Gmail users can just go to their Google account permissions and revoke “Google Docs” or any other unsavory-looking apps (is Pokemon GO still on there?) by clicking on the app and then the blue Remove button. You are then highly encouraged to change your password ASAP.
“This adversary likely did not anticipate the velocity with which this attack would follow,” Cisco’s Talos Intelligence notes on their security blog. “This was a loud and noisy version and subtle, low volume attacks are likely to follow. This again points to some basic security principles. Namely, don't trust email, no matter how legitimate looking, do not allow third parties to have access to any of your accounts. In the instance where the option exists to either login with an existing third party account or create a new account, create the new account. It may take a little additional time, but it can prevent a catastrophic compromise of your email and contacts.”