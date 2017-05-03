

 


Gmail, Google Docs Users Hit By Massive Email Phishing Scam

Posted by BeauHD from the be-on-the-look-out dept.
New submitter reyahtbor warns of a "massive" phishing attack sweeping the web: Multiple media sources are now reporting on a massive Gmail/Google Docs phishing attack. The Independent is among the top publications reporting about it: "Huge numbers of people may have been compromised by the phishing scam that allows hackers to take over people's email accounts. It's not clear who is running the quickly spreading scam or why. But it gives people access to people's most personal details and information, and so the damage may be massive. The scam works by sending users an innocent looking Google Doc link, which appears to have come from someone you might know. But if it's clicked then it will give over access to your Gmail account -- and turn it into a tool for spreading the hack further. As such, experts have advised people to only click on Google Doc links they are absolutely sure about. If you have already clicked on such a link, or may have done, inform your workplace IT staff as the account may have been compromised. The hack doesn't only appear to be affecting Gmail accounts but a range of corporate and business ones that use Google's email service too. If you think you may have clicked on it, you should head to Google's My Account page. Head to the permissions option and remove the 'Google Doc' app, which appears the same as any other."

  • How does clicking a link cause someone's account to be compromised? There is more to the story than clicking the link.

    • Clicking the link doesn't hack the account. Adding permissions does. There is another "allow" button that actually causes the "hack" to work.

      Change your passwords folks.

      • Re: (Score:2, Informative)

        by Anonymous Coward

        Changing a password doesn't invalidate the given app permissions if a user falls victim to this. The user's password isn't given over to the attacker. Changing the user's password won't do anything.

  • Just Hit (Score:3)

    by jasnw ( 1913892 ) on Wednesday May 03, 2017 @05:01PM (#54350903)
    Dumped one of these into my mail trash just before I visited /. Supposedly from 'office@metroroof.com' (a local vendor I used last year) to 'hhhhhhhhh@mailinator.com' with a bcc to my address. Told me that 'Jasmine Crews has shared a document on Google Docs with you.' Had a button to click on reading 'Open in Docs'. I wonder what percent of people actually click on these things?

  • Better Explanation (Score:3)

    by jetkust ( 596906 ) on Wednesday May 03, 2017 @05:06PM (#54350931)
    Also with a gif of the attack.
    http://bgr.com/2017/05/03/goog... [bgr.com]

    "It starts with an email from a known contact, which says that the person has shared a Google Doc with you. You’re invited to click the link to open, which redirects you to a legitimate Google sign-in page. You’re prompted to select one of your Google accounts (remember: this is all using Google’s normal sign-in system), and then authorize a legit-looking app called “Google Docs” to manage your emails."

    "That’s how the scam works: the app called “Google Docs,” which requests permission to read, send and delete emails, isn’t really a Google app. Rather, it’s an app controlled by the hackers. It seems that once it has permission to manage your email, it secretly sends out a bunch of emails to all your contacts, with the same phishing link."
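
The pattern described in the comments above (a third-party app that borrows a Google product name and holds mail permissions) can be checked for when reviewing an account's or domain's app grants. The following is an added example, not part of the original thread; the record field names, the client IDs, the allowlist and the sample grants are all constructed assumptions.

```python
import re

# Scopes that allow reading, sending or deleting mail, or reading contacts.
RISKY_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/contacts",
}
# Product names a look-alike app might borrow (extend for your environment).
PROTECTED_NAMES = {"googledocs", "googledrive", "googlesheets", "gmail"}
# Client IDs the reviewer has verified as first-party (placeholder value).
TRUSTED_CLIENT_IDS = {"FIRST-PARTY-CLIENT-ID-PLACEHOLDER"}

def normalize(name):
    """Lower-case the app name and drop everything but ASCII letters/digits."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def review_grant(grant):
    """Return the reasons this app grant deserves a closer look."""
    if grant["client_id"] in TRUSTED_CLIENT_IDS:
        return []
    reasons = []
    if normalize(grant["display_name"]) in PROTECTED_NAMES:
        reasons.append("name imitates a first-party product")
    risky = sorted(RISKY_SCOPES.intersection(grant["scopes"]))
    if risky:
        reasons.append("mail/contacts access: " + ", ".join(risky))
    return reasons

def grants_to_revoke(grants):
    """Grants showing both signals: borrowed name plus mail/contacts scopes."""
    flagged = []
    for g in grants:
        reasons = review_grant(g)
        if len(reasons) == 2:
            flagged.append((g["user"], g["client_id"], reasons))
    return flagged

# Constructed sample grants (hypothetical users and client IDs).
SAMPLE_GRANTS = [
    {"user": "alice@example.com", "client_id": "constructed-client-111",
     "display_name": "Google Docs",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts"]},
    {"user": "bob@example.com", "client_id": "FIRST-PARTY-CLIENT-ID-PLACEHOLDER",
     "display_name": "Google Docs", "scopes": ["https://mail.google.com/"]},
    {"user": "carol@example.com", "client_id": "constructed-client-222",
     "display_name": "Mail Merge Tool",
     "scopes": ["https://www.googleapis.com/auth/gmail.send"]},
]
```

A flagged grant is remediated by removing the app's permission, since the grant stays valid after a password change.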

  • Had an acquaintance get hit with this and received the phishing attempt. Didn't click the link because of the red flags (non-specific document name and the TO address) but sent him a warning and a link to this story. He replied telling me he knew about it and their IT department was handling it. I replied back but it bounced. I changed the subject, removed the phishing link in the quoted email thread and it went through. Looks like Google is blocking these messages from being sent/received at all. Fairly re

