Do you use Google Docs in your business or home? I do. We also utilise Google Docs internally. What is Google Docs? More than letters and words. Google Docs brings your documents to life with smart editing and styling tools to help you easily format text and paragraphs. It’s Google’s version of Word.
If you do use Google Docs, Smart Online has issued a warning to users about a reported phishing scam involving a fake invitation to share a Google Docs document.
The way the scam works is that a user receives a legitimate-looking email that looks like it’s from a trusted person inviting them to share a document on Google Docs.
The users who click on the link are then directed to permission screens. These permission screens then activate a malicious service to access their email account, contacts and other sensitive information, if permission is granted by clicking on the button. If a user grants permission, the malicious service can impersonate the user when sending messages on to other Google email users.
Users may also face the risk of having information and messages from their email accounts compromised.
How does it work?
The scam reportedly targets Google personal and corporate email accounts.
Google Docs has released a statement via their Twitter account saying:
“we have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts.”
“We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.”
If you’ve clicked the link, your account may have already sent spam messages to the people in your address book. But you can revoke future access through Google’s “Connected Apps and Sites” page; where it will appear as “Google Docs”.
Spoofing occurs when emails are altered to appear to have come from a different source and is a method attackers commonly use to gain users’ trust and increase the likelihood of a successful attack.
Here is the whole process captured on video:
How to stay safe
If you are unsure of the legitimacy of any message you receive, you should avoid clicking on any links or opening any attachments. You should check with the purported sender using contact details sourced from legitimate sources (not from the suspect message itself).
If you have clicked on the link or inadvertently granted permission to the malicious service, you should immediately revoke that permission using the steps recommended by Google Docs.
You should also check your account details to confirm that nothing has been changed and as an extra precaution, change your Google passwords immediately.
Content from the post was originally published on Smart Online.