Beware of This Phishing Attack Disguised as Google Docs

Google account owners may want to keep a close eye on their emails from this point forward, as a new kind of phishing attack has been discovered. Unlike most phishing attacks, this one can be particularly convincing thanks to the lengths the hackers have gone to in disguising it.

The phishing attack itself begins life disguised as an unassuming email that invites the user to edit a Google Docs document. Should the user accept the invitation, they would be brought to the Google account selection screen in which they would be able to choose an account to open said Doc file with.

Upon selecting an account, the website will prompt the user to allow the app to access the information found inside the account. If the user chooses to allow access, the phishing attack begins and the contacts within the affected Google account will be used to launch additional attacks.

While phishing attacks aren’t new to Google as a whole, this particular attack has turned out to be extremely effective due to how well crafted it is. The initial Google Docs invitation was created to be highly convincing, and the phishing attack also utilised the OAuth authentication interface to give itself a sense of legitimacy.

As such, those who are used to glancing at their emails would be extra susceptible to this attack. As meticulously crafted as this phishing attack is, it does contain signs that give away its nature.

For one, those who receive the email will find their address listed in the “BCC” field instead of the normal “To” field. Secondly, the “To” field will contain an email address that ends with “mailinator.com”; the most commonly used address appears to be “hhhhhhhhhhhhhhhh@mailinator.com”.

Finally, the source of the shared document will appear as a long string of text that includes Google Docs-like web addresses.
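The first two signs are visible in the message headers and can be checked mechanically. The following Python sketch is an added example, not code from the original article; the function name `triage`, the finding labels and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Indicators taken from the article; labels and samples below are constructed.
DISPOSABLE_DOMAIN = "mailinator.com"
COMMON_TO_ADDRESS = "hhhhhhhhhhhhhhhh@mailinator.com"


def _addresses(msg, header):
    """Lower-cased addresses from every occurrence of one header."""
    return [addr.lower() for _, addr in getaddresses(msg.get_all(header, [])) if addr]


def triage(raw_message, mailbox_owner):
    """Return which of the article's header signs a raw message matches."""
    msg = message_from_string(raw_message)
    owner = mailbox_owner.strip().lower()
    to_addrs = _addresses(msg, "To")
    cc_addrs = _addresses(msg, "Cc")

    findings = []
    # Sign 1: the mailbox owner got the mail without being a visible recipient,
    # which is what a BCC delivery looks like on the receiving side.
    # Mailing-list traffic also matches, so this sign is weak on its own.
    if owner not in to_addrs and owner not in cc_addrs:
        findings.append("recipient-not-in-to")
    # Sign 2: a visible "To" address sits on mailinator.com or a subdomain.
    domains = [addr.rpartition("@")[2] for addr in to_addrs]
    if any(d == DISPOSABLE_DOMAIN or d.endswith("." + DISPOSABLE_DOMAIN) for d in domains):
        findings.append("to-mailinator")
    # The exact address the article reports as most common.
    if COMMON_TO_ADDRESS in to_addrs:
        findings.append("to-known-address")
    return findings


# Constructed sample messages (not captured from the real campaign).
SAMPLE_PHISH = (
    "From: Alice Example <alice@example.org>\n"
    "To: hhhhhhhhhhhhhhhh@mailinator.com\n"
    "Subject: Document shared with you\n\nOpen in Docs\n"
)
SAMPLE_NORMAL = (
    "From: Bob Example <bob@example.org>\n"
    "To: victim@example.com\n"
    "Subject: Lunch\n\nSee you at noon.\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE_PHISH, "victim@example.com"))
    print(triage(SAMPLE_NORMAL, "victim@example.com"))
```

A message that matches all three findings deserves a closer look before any link in it is opened; the first finding alone is common for legitimate list mail.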

If you’re one of the many who unknowingly gave permission to the phishing email, it’s imperative that you head over to the Google accounts management page and revoke the permission for the Google Docs app.

Thankfully, Google has since cracked down hard on this particular phishing attack, so it is unlikely that you’ll be affected by it. That being said, knowing how tenacious some of the hackers out there can be, it would be wise to remain extra vigilant with the emails you receive.

Source: Reddit

Source: http://www.hongkiat.com/blog/phishing-diguised-as-google-doc/
