Google Docs scam targets users to click on a link to Google Docs
California, May 4: Alphabet Inc warned its users to beware of emails from known contacts asking them to click on a link to Google Docs after a large number of people turned to social media to complain that their accounts had been hacked.
Google said on Wednesday that it had taken steps to protect users from the attacks by disabling offending accounts and removing malicious pages.
The attack used a relatively novel approach to phishing, a hacking technique designed to trick users into giving away sensitive information, by gaining access to user accounts without needing to obtain their passwords. The attackers did that by getting an already logged-in user to grant access to a malicious application posing as Google Docs.
Here’s what you need to know:
- Clicking the link takes you to a real Google-hosted page, with a list of your Google accounts ready to click
- It asks you to select an account and provide an app called “Google Docs” — yes, they were somehow allowed to name a third-party app “Google Docs” — with account permissions
- As soon as you click the “ALLOW” button, this not-at-all-actually-Google Docs app now has permission to read your emails and email all your contacts… the latter of which it’ll start doing pretty much immediately, spreading the worm to pretty much everyone you’ve ever emailed.
This one is super sneaky; pretty much the only way to detect it before falling for it is to click the small “Google Docs” link on the actual Google-hosted page and notice that the developer info seems… off.
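The detection point above (a third-party app wearing a Google product's name, whose developer information does not match, holding mail and contacts permissions) can be turned into a routine check over the apps a user has authorized. The script below is an added illustration, not code from the article or from Google: the record fields (display_text, client_id, developer_domain, scopes) and the sample apps are constructed for the example, while the scope URIs are the real Google API scopes for mail and contacts access.

```python
"""
Audit a user's authorized third-party OAuth apps for the pattern described
in the article: a non-Google app whose display name impersonates a Google
product and which holds mail/contacts scopes.

The AuthorizedApp fields and SAMPLE_APPS below are CONSTRUCTED for this
example and are not a real API response.
"""
from dataclasses import dataclass, field
from typing import Dict, List

# Real Google OAuth scope URIs that let an app read mail or contacts, i.e. the
# access a worm needs to read a mailbox and mail every contact in it.
SENSITIVE_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/contacts.readonly",
    "https://www.googleapis.com/auth/contacts",
}

# Names a genuine first-party Google service never needs to request as a
# third-party app, because first-party services already have access.
GOOGLE_PRODUCT_NAMES = {"google", "google docs", "google drive", "google sheets", "gmail"}


@dataclass
class AuthorizedApp:
    display_text: str              # name shown on the consent/permissions page
    client_id: str                 # OAuth client id of the app (constructed)
    developer_domain: str          # domain the client is registered to (constructed)
    scopes: List[str] = field(default_factory=list)


def is_impersonating_google(app: AuthorizedApp) -> bool:
    """True when the name looks like a Google product but the developer is not Google."""
    name = " ".join(app.display_text.lower().split())  # normalise case and spacing
    looks_like_google = name in GOOGLE_PRODUCT_NAMES or name.startswith("google ")
    dev = app.developer_domain.lower()
    developer_is_google = dev == "google.com" or dev.endswith(".google.com")
    return looks_like_google and not developer_is_google


def sensitive_scopes(app: AuthorizedApp) -> List[str]:
    """The mail/contacts scopes this app holds, sorted for stable output."""
    return sorted(s for s in app.scopes if s in SENSITIVE_SCOPES)


def audit(apps: List[AuthorizedApp]) -> Dict[str, str]:
    """Map each client_id to a verdict: 'remove', 'review' or 'ok'.

    'remove' = impersonating a Google product AND holding mail/contacts scopes
    'review' = only one of the two signals (e.g. a legitimate mail client)
    """
    verdicts: Dict[str, str] = {}
    for app in apps:
        impersonating = is_impersonating_google(app)
        scopes = sensitive_scopes(app)
        if impersonating and scopes:
            verdicts[app.client_id] = "remove"
        elif impersonating or scopes:
            verdicts[app.client_id] = "review"
        else:
            verdicts[app.client_id] = "ok"
    return verdicts


# Constructed sample data: one app mimicking the pattern in the article, one
# ordinary mail tool that deserves a look, one harmless calendar add-on.
SAMPLE_APPS = [
    AuthorizedApp("Google Docs", "client-fake-docs", "example.net",
                  ["https://mail.google.com/",
                   "https://www.googleapis.com/auth/contacts.readonly"]),
    AuthorizedApp("Mail Backup Tool", "client-backup", "example.org",
                  ["https://www.googleapis.com/auth/gmail.readonly"]),
    AuthorizedApp("Calendar Widget", "client-cal", "example.com",
                  ["https://www.googleapis.com/auth/calendar.readonly"]),
]

if __name__ == "__main__":
    for app, verdict in zip(SAMPLE_APPS, audit(SAMPLE_APPS).values()):
        print(f"{verdict:6}  {app.display_text!r} by {app.developer_domain}: "
              f"{', '.join(sensitive_scopes(app)) or 'no mail/contacts scopes'}")
```

The two signals are kept separate on purpose: a real mail client legitimately holds mail scopes and only warrants a review, whereas an app that combines a Google product name with a non-Google developer and mail or contacts access is exactly the case the article says to remove.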
Zach Latta of Hack Club grabbed a video of the whole flow so you don’t have to test fate to see it for yourself:
I’m sending this to people that got phished. pic.twitter.com/3uP7NvQDkt
— Zach Latta (@zachlatta) May 3, 2017
How do I know if I’ve been hit? How do I fix it?
Check your Google account’s app permissions. There should not be an app called “Google Docs” there — the actual Google Docs has access to your account by default. If you see it listed there, remove it by tapping the label and hitting “Remove”.
— Google Docs (@googledocs) May 3, 2017
Update: The Google Docs Twitter account has just acknowledged the attack and says it is working on it; in the meantime, it advises not to click on the links.
Google says this specific attack should be blocked now, and they’re working on preventing similar attacks moving forward.