Saturday, May 6, 2017

Google Docs Phishing Attack

The sophisticated attack appeared to come from a trusted source asking you to open a Google Document. If you clicked, it took you to a page to open the "Google Docs" app with your Google account. This granted access to your email account and contacts.

Google said it stopped the attacks in one hour.

Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, says anyone who clicked on the link should check their Google App permissions and remove the one called "Google Docs." You can do that by clicking this link.

It's unclear how widespread the attack was, but reporters at publications including BuzzFeed, CNN and Motherboard tweeted that they'd receiving the phishing email, as had many of their sources.

According to threat intelligence firm Cisco (CSCO, Tech30) Talos, at the peak of the attack its customer base saw around 150 messages sent per minute. The firm said the impact to the general population was likely much larger. (Talos declined to share its customer base figures.)

On Wednesday afternoon, "Google Docs" was a global trending topic on Twitter, meaning a lot of people were talking about the attacks.

In a statement to CNNTech, a Google spokesperson said the attack affected fewer than 0.1% of Gmail users. (Gmail has over one billion monthly active users, and 0.1% of that total would be at least one million accounts.)

Google said contact information was accessed and used in the attack, but no other information was exposed.

"We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems," the company said in a statement.

It's not clear who was behind the phishing attempts. This attack spread quickly -- the fake Google Docs app read users' contacts and sent more phishing attempts to their contacts.

No comments:

Post a Comment