Google Docs users become victims of phishing scam


Google users have been targeted with a phishing scam.

Close to a million Google users were victims of a phishing scam on Thursday morning. The attack allowed hackers to gain access to contents of emails, contact lists and online documents of victims. The attack came in the form of an email from Google Docs with a link for users to click on.

“The newest Google Docs link that is being reported as phishing is a deviation away from the more traditional email phishing attacks, in that this attack is linking a third party application to users’ Google accounts,” says MWR Infosecurity’s phishd Senior Developer Jason Kerner.

“Accessing users’ contacts is something that has been seen with Google attacks previously and appears to be a favoured approach by attackers at present. Quite often these attacks will be the first phase of a more complex and targeted attack by utilising the information gained,” he adds.

According to a BBC report, the email address hhhhhhhhhhhhhhhh@mailinator[.]com was also copied into the message; Mailinator, a free email service provider, has denied any involvement.

Kerner says that the functionality web-based email clients offer to developers through ‘app’ integration, essentially a set of APIs allowing additional functionality, is being exploited by attackers.

“It would almost seem that an app’s functionality should be vetted before being made available to the general user base, with its functionality and more importantly, its permissions being confirmed,” he says.

He says, “More fine tuning of permissions in how they are presented to users and what this means to them, combined with education at the right level may reduce the spread of such an attack in the future. Facebook’s permission system, as well as the Android operating system, have both adjusted their approach regarding what apps are allowed to do, what not to do and what that means to users.”

If users clicked on the “Open in Docs” button in the email, they were then taken to a real Google-hosted page and asked to allow a seemingly real service, called “Google Docs”, to access their email account data.
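For administrators reviewing which third-party apps their users have authorised, the sketch below is an added example (not from the article or from Google) that flags grants where an app outside a first-party allowlist uses a first-party product name or holds mail or contacts access. The record fields, client IDs, allowlist and choice of sensitive scopes are assumptions, and the sample records are constructed.

```python
import unicodedata

# Assumed scope list and allowlist; field names and client IDs are hypothetical.
MAIL = "https://mail.google.com/"
CONTACTS = "https://www.googleapis.com/auth/contacts"
CALENDAR = "https://www.googleapis.com/auth/calendar.readonly"
FIRST_PARTY_CLIENT_IDS = {"first-party-docs.apps.example"}
PROTECTED_NAMES = {"google docs", "google drive", "gmail"}
SENSITIVE_SCOPES = {MAIL, CONTACTS}

def normalize(name):
    # Fold case, compatibility forms and whitespace so look-alikes compare equal.
    return " ".join(unicodedata.normalize("NFKC", name).casefold().split())

def review_grant(grant):
    """Return the reasons a grant looks like consent phishing (empty if none)."""
    if grant["client_id"] in FIRST_PARTY_CLIENT_IDS:
        return []
    reasons = []
    if normalize(grant["app_name"]) in PROTECTED_NAMES:
        reasons.append("third-party app uses a first-party product name")
    risky = sorted(set(grant["scopes"]) & SENSITIVE_SCOPES)
    if risky:
        reasons.append("sensitive scopes: " + ", ".join(risky))
    return reasons

def triage(grants):
    """Map each suspicious grant to 'revoke' (both signals) or 'review' (one)."""
    results = []
    for grant in grants:
        reasons = review_grant(grant)
        if reasons:
            action = "revoke" if len(reasons) == 2 else "review"
            results.append((grant["user"], grant["client_id"], action, reasons))
    return results

# Constructed sample records, not data from the incident.
SAMPLE_GRANTS = [
    {"user": "alice@example.com", "client_id": "first-party-docs.apps.example",
     "app_name": "Google Docs", "scopes": [MAIL]},
    {"user": "bob@example.com", "client_id": "unknown-1234.apps.example",
     "app_name": "Google  Docs", "scopes": [MAIL, CONTACTS]},
    {"user": "carol@example.com", "client_id": "mailmerge-5678.apps.example",
     "app_name": "Mail Merge Helper", "scopes": [MAIL]},
    {"user": "dave@example.com", "client_id": "cal-9012.apps.example",
     "app_name": "Team Calendar", "scopes": [CALENDAR]},
]

if __name__ == "__main__":
    print(*triage(SAMPLE_GRANTS), sep="\n")
```

Matching on the client identifier rather than the display name is the point: the name shown on the consent screen is chosen by the app's developer, so a name match alone proves nothing about who operates the app.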

Kerner says these types of attacks are expected to become more prevalent in the future, as there is a mass of information that can be gained, and therefore exploited, from conducting them.

Staff Writer