Google Docs Phish

 

On May 3, 2017, cyber criminals used the phishing email below to trick Google users into clicking on the bogus Google Docs (Open in Docs) link within the email.  Google users' email accounts weren't compromised by opening and reading the email.  They were compromised because the users clicked on the bogus Google Docs link, which led to a pop-up window containing a fake page asking users for permission to view the document.  The fake page was deceptive because it looked like a legitimate Google page and it used a fraudulent and undetectable underlying authentication token that piggybacked off of unsuspecting Google users entering their credentials, without their credentials actually being disclosed.  Once the cyber criminals had access to a Google account, they sent the bogus email to the contacts within the compromised account in order to trick others into TAKING the BAIT.  Keep in mind that the cyber criminals had access to emails within compromised accounts.  A majority of Google users fell for the BAIT because the email was sent from someone they know.

            From: xxxxxxxx@aggies.ncat.edu <xxxxxxxx@aggies.ncat.edu>
            Sent: Wednesday, May 3, 2017 2:57 PM
            To: hhhhhhhhhhhhhhhh@mailinator.com
            Subject: xxxxxxxx has shared a document on Google Docs with you

 

            xxxxxxxx has invited you to view the following document:


            Open in Docs
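As an added example (not part of the original advisory), the Python sketch below scores a message against the traits visible in the sample above: the subject wording and the mailinator.com address in To:.  The third check, that the receiving mailbox is missing from To: and Cc:, is an assumption inferred from the sample; the function names, the threshold and the test messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Traits taken from the sample message in this advisory.
SUBJECT_RE = re.compile(r"^.+ has shared a document on Google Docs with you$")
PLACEHOLDER_DOMAIN = "mailinator.com"  # domain of the visible To: address

def score_message(raw, own_addresses):
    """Score one message (RFC 5322 text); return (score, reasons)."""
    msg = message_from_string(raw)
    reasons = []
    subject = " ".join((msg.get("Subject") or "").split())  # unfold, trim
    if SUBJECT_RE.match(subject):
        reasons.append("subject uses the share-notification wording")
    to_addrs = [a.lower() for _, a in getaddresses(msg.get_all("To", []))]
    if any(a.rsplit("@", 1)[-1] == PLACEHOLDER_DOMAIN for a in to_addrs):
        reasons.append("visible To: address is at " + PLACEHOLDER_DOMAIN)
    # Assumption: the receiving mailbox was a hidden recipient, so it is
    # missing from both To: and Cc:.
    cc_addrs = [a.lower() for _, a in getaddresses(msg.get_all("Cc", []))]
    own = {a.lower() for a in own_addresses}
    if own.isdisjoint(to_addrs + cc_addrs):
        reasons.append("receiving mailbox is not a visible recipient")
    return len(reasons), reasons

def is_suspect(raw, own_addresses, threshold=2):
    """Hypothetical triage rule: flag when at least `threshold` traits match."""
    return score_message(raw, own_addresses)[0] >= threshold

# Constructed test messages; the first reuses the redacted sample's headers.
SAMPLE_PHISH = """\
From: xxxxxxxx@aggies.ncat.edu
To: hhhhhhhhhhhhhhhh@mailinator.com
Subject: xxxxxxxx has shared a document on Google Docs with you

xxxxxxxx has invited you to view the following document:
"""
SAMPLE_BENIGN = """\
From: colleague@example.edu
To: me@example.edu
Subject: Meeting notes

Notes from today are attached.
"""

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        score, reasons = score_message(raw, ["me@example.edu"])
        print(name, score, is_suspect(raw, ["me@example.edu"]), reasons)
```

A share notification addressed directly to the recipient matches only the subject trait, so it stays below the threshold.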

What has Google done to address the issue?

According to Google, the phishing threat has been neutralized.  Read Google's tweet below, which is posted at https://twitter.com/googledocs/status/859895400173522944.

Google Doc Phish Tweet

I clicked on the Google Doc link.  What do I do?

1. Although users who clicked on the Google Doc link didn't disclose their passwords, it's recommended that users change their passwords when account compromises occur.

2. Let your contacts know that the email was fraudulent.

3. Visit http://g.co/SecurityCheckup and use the Google Security Checkup tool to review your Google security settings and strengthen the protection for your Google account.  This includes managing the apps, websites, and devices that are connected to your Google account and removing untrusted connections.

I didn't click on the Google link.  What do I do?

Visit http://g.co/SecurityCheckup and use the Google Security Checkup tool to review your Google security settings and strengthen the protection for your Google account.  This includes managing the apps, websites, and devices that are connected to your Google account and removing untrusted connections.

Cyber criminals are sending phishing emails at an alarming rate.  Ransomware incidents are on the rise.  Remember the Triple A's...ASK, AVOID, and ALERT...in order to detect and prevent phishing and ransomware.  http://www.ncat.edu/divisions/its/cybersecurity/Phishing%20and%20Ransomware%20-%20Detection%20and%20Prevention.html