New Google Docs Phishing Emails

iStock-533250472-1.jpg

Opening up an "Invitation to edit" email today from Google Docs may be a phisihing email in disguise. 

If someone invites you to edit a file in Google Docs today, don’t open it — it may be spam from a phishing scheme that’s been spreading quickly this afternoon. As detailed on Reddit:

The spam email:

  • Uses the existing Google login system
  • Uses the name "Google Docs"
  • Is only detectable as fake if you happen to click "Google Docs" whilst granting permission
  • Replicates itself by sending itself to all your contacts
  • Bypasses any 2 factor authentication / login alerts
  • Will send scam emails to everyone you have ever emailed

What is Phishing? 

Criminals send out a wave of spam email. Each email contains a message that appears to come from a well-known and trusted company. Usually the message includes the company's logo and name, and it often tries to evoke an emotional response to a false crisis. Couched in urgent, business-like language, the email often makes a request of the user's personal information. 

Related: Microsoft Warns of Tax Themed Cyber Attacks

This attack targets uses a real Google sign-in screen, then asks users to “continue to Google Docs.” This grants permissions to a (malicious) third-party web app that’s simply been named “Google Docs,” which gives phishers access to your email and address book.

The difference between this and a very simple email phishing scheme is that this doesn’t just take you to a bogus Google page and collect your password — something you could detect by checking the page URL. It works within Google’s system, but takes advantage of the fact that you can create a non-Google web app with a misleading name. Here’s what the permissions screen looks like, for example:

 Screen_Shot_2017_05_03_at_3.45.27_PM.png.jpg

 Screenshot from TheVerge.com

 

Protect your Organization & Identify Breaches before they cause damage.
The Enterprise Mobility Suite (EMS) is an all encompassing security solution, that allows you to use Microsoft's products closely together to fully manage your user's; identities, how they log into your services and the devices they use. Download our Webinar Here

 

Topics: phishing emails

View the original article from The Verge  

Have technology questions or want to learn more about how Tech Impact can help your nonprofit? Give us a call 1-888-798-1350 or browse our Technology Services For Nonprofits.


Tech Impact provides hands-on technology support to nonprofits. Learn More