Google has rushed to shutdown a phishing scam aimed at users of its Docs cloud-based service, which looked to gain access to a users contacts and email.
The search giant noted that the phishing attack takes the form of an email inviting recipients to edit a Google Docs shared document.
If users were to click on the ‘open in Docs’ prompt they were taken to a legitimate Google sign in page the asked to “continue to Docs”, which sneakily granted permissions to a third-party web app named also named Google Docs.
Once this has been done, the app gave hackers access to a users Gmail and its address book, potentially allowing cyber criminals and hackers to spread other malware and push spam and scams further afield.
We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts,” said Google. “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”
Google is investigating the source and make-up of the phishing scam, which was a rather sophisticated attack as instead of using a bogus Google login page it manages to work within Google’s login system while exploiting a deceptive third-party app.
While Google has blocked the attack, users of Docs and other Google productivity apps can revoke permissions to the third-party app through the settings on their account.
This year so far appears to be a good one for phishing attacks, with app and online services from the likes of McDonald’s falling victim to scammers. Annoyingly and depressingly, it look like phishing scams are not going to go away anytime soon, particularly when they can yield successful results for cyber criminals.
Quiz: Cyber security in 2017
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…