Opening up an "Invitation to edit" email today from Google Docs may be a phisihing email in disguise.
If someone invites you to edit a file in Google Docs today, don’t open it — it may be spam from a phishing scheme that’s been spreading quickly this afternoon. As detailed on Reddit:
The spam email:
- Uses the existing Google login system
- Uses the name "Google Docs"
- Is only detectable as fake if you happen to click "Google Docs" whilst granting permission
- Replicates itself by sending itself to all your contacts
- Bypasses any 2 factor authentication / login alerts
- Will send scam emails to everyone you have ever emailed
What is Phishing?
Criminals send out a wave of spam email. Each email contains a message that appears to come from a well-known and trusted company. Usually the message includes the company's logo and name, and it often tries to evoke an emotional response to a false crisis. Couched in urgent, business-like language, the email often makes a request of the user's personal information.
Related: Microsoft Warns of Tax Themed Cyber Attacks
This attack targets uses a real Google sign-in screen, then asks users to “continue to Google Docs.” This grants permissions to a (malicious) third-party web app that’s simply been named “Google Docs,” which gives phishers access to your email and address book.
The difference between this and a very simple email phishing scheme is that this doesn’t just take you to a bogus Google page and collect your password — something you could detect by checking the page URL. It works within Google’s system, but takes advantage of the fact that you can create a non-Google web app with a misleading name. Here’s what the permissions screen looks like, for example:
Screenshot from TheVerge.com
Protect your Organization & Identify Breaches before they cause damage.