Google Docs Phishing Attack

Earlier today, a phishing campaign spread across global inboxes. These emails were given legitimacy by appearing to be from someone the recipient recognized. There were a couple clues that could help users identify it as a non-legitimate request:

  1. The “To:” line contained the email address “hhhhhhhhhhhhhhhh@mailinator.com”
  2. The recipient was not expecting a Google Doc to be shared with them

This link is currently not a virus; however, it is still malicious. The goal of this attack is to steal credentials and gain access to the user’s contact list to spread further. Just clicking the link is not necessarily dangerous, but if the user allows access to the malicious application the attacker named “Google Docs”, the attacker will have full access to the account.

Google has reacted and this attack has been mostly taken down. The emails should also now be recognized as malicious by Google.

If you did accidentally click the link and grant permission, take the following steps to re-secure your account:

  1. Revoke the App’s permissions on the account
  2. Change your password for your Google account, and any accounts that shared the same password (which ideally is zero)
  3. If this is a business account, check your sent messages to see if your account was used to spread the attack, and, if appropriate, apologize to anyone your account sent the message to.

More information can be found here.