Thursday May 04, 2017

Massive Phishing Campaign Mimics Google Docs

Gmail users were hit by a massive and interesting phishing campaign today. What makes this phishing campaign unique is that it was coupled with a dummy app that mimics Google Docs. If opened, the user would be redirected to a real Google account page that asks them to give Gmail access to the malicious application. Keep in mind that this application was coded using Google's own Application Development Platform. Luckily, Google has already disabled thousands of compromised accounts and has removed the offending application. Unluckily, this attack has already been replicated by security researchers using a slightly different naming convention. Nothing is safe.

News Image

If you were unfortunate enough to succumb to the whims of the application presented in this phishing mail, you need to hurry over to your Google Account Management page, look for an app called "Google Docs", click on it and revoke permission for the app to access your account. Once that's done you should absolutely change your password while giving a great deal of thought directed at enabling two-factor authentication.

Discussion