Your IT Consultant

Very Sophisticated Scary Google Docs Phishing Attack

May 4, 2017

When will it ever end? Maybe never. Yesterday a massive phishing attack targeted Google accounts and attempted to get users to allow access to more than just documents. The phishing e-mail appeared to come from someone you know and wanted to share a document with you. If you clicked on the "Open in Docs" buttons you were presented with an OAuth request for familiar permissions. Don't click on it! Clicking it allows full control over your e-mail and access to all of your contacts. All of your contacts then get a similar request.

Google has fixed the problem and stopped the propagation of the phishing attack. If you have already clicked on the button to allow access, Softpedia has advice on what to do. Logon to your Google account and visit the Permissions page, where you can manage access to your data. Find "Google Docs" and remove the authorization. Obviously, you should change your Google password too and enable two-factor-authentication if it's not already turned on.

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com