Scam Alert! Google Doc Phishing Email Could Compromise Everything Linked to Google Account

John Biglin, CEO | May 4, 2017

What You Need to Know:

  • A very convincing phishing campaign is making the rounds masquerading as a Google Docs invitation.
  • If you click this link, there is a way to reverse it through Gmail Account Settings.
  • Google is currently working on blacklisting all of the domains in use and will be updating the public periodically.

There is a new phishing campaign spreading at amazing speed that is parodying an invitation to view a shared Google Doc. First things first: If you see this in your inbox, do not click on any of the links and DELETE THE EMAIL IMMEDIATELY, even if it is coming from someone you know.

When you click the link in this convincing, malicious email you are redirected to a page saying, “Google Docs would like to read, send and delete emails, as well as access to your contacts,” with an “Allow” button following. Clicking this gives the hacker access to your account, without having to enter a password and bypassing two-factor authentication. Note: A genuine Google Docs invitation would never redirect you to a permissions request.

Once in your account, hackers start automatically forwarding the same phishing email to your entire contact list, but with you as the “sharer” of the Google Doc, spreading the campaign quickly and efficiently.

What Can Be Compromised?
You may not even realize it, but many or some of your email addresses are interconnected. With the use of “recovery” email addresses for certain programs, your addresses are linked. These hackers are taking advantage of this and not only have access to your Google account, but could possibly retrieve access to other online accounts, including your social media, Apple and Microsoft. Anything associated with your Google account could be compromised.

How to Revoke Permissions
If you happen to click on the link, there is a way to reverse the actions. Follow these steps immediately to stop the hacker’s access to your account:
1. Sign in to your Gmail account permissions setting at https://myaccount.google.com 
2. In the left hand navigation, click Connected Apps & Sites
3. Click “Manage Apps”
4. When you click on “Google Docs” from the list, a drop down will appear. Click the “Remove” button to revoke permissions

What is Google Doing?
The malicious apps used in this malicious campaign are being blacklisted by Google. Earlier today they tweeted:

“We are investigating a phishing email that appears as Google Docs. We encourage you to not click through & report as phishing within Gmail.”

SMB Success Story: Jack’s Diving Locker

SMB Success Story: Jack’s Diving Locker

Did you know that technology is helping to protect and save our oceans? With #cloud security and communication tools, @JacksDiveLocker has exponentially increased their outreach and education efforts to keep our oceans healthy and thriving.

Want to see how the latest #security tools can help grow your business? Contact the Client Engagement team at Interphase Systems (ce@interphasesystems.com or 610-276-5500) to get started today!

Taking internal communication to the next level with Microsoft Teams

Taking internal communication to the next level with Microsoft Teams

Communication among team members and between different teams, especially when they’re in different locations, can be a huge challenge–but it doesn’t have to be an obstacle to collaboration and teamwork. Watch this video to discover why Red Lion Hotels (RLH) trusted Microsoft Teams to integrate all its corporate collaboration needs into one internal communications tool. Interphase Systems helps organizations of all types build and implement a collaboration strategy that leverages Microsoft Teams as the nexus for internal and external team collaboration. Contact our Client Engagement team today (ce@interphasesystems.com or 610-276-5500) to help your organization plan and implement its own collaboration strategy.

The Guts Of A Phishing Email

Are you ready to lose all your money, cancel all accounts, and probably experience a system failure? I’m sure you will never be ready for that, which is why it’s critical you recognize the anatomy of a phishing email to avoid becoming a victim. So here are several...

Password Managers: Why should I bother?

Password managers do more for you than just help you remember which password you used for different accounts. In this post, I am going to dig a little deeper into explaining what password managers do and how can they benefit your personal security and privacy.  A...