June 01, 2017
Remember all of those Google Docs you get shared with you? Well, one or more of them may be fake. A new phishing scam has surfaced that uses a fake "Google Docs" share to get into the user's account. The most dangerous part is that, at first sight, the fake is very hard to tell from the real thing.
The scam starts like any other phish, with a mail. What is frightening is that the pages it sends you to sit on a real Google domain, so it steals your data without ever leaving Google. A message arrives in your inbox sharing a Google doc; clicking on it asks you to pick one of your Google accounts, and after you do, it asks you to grant the app a set of permissions so it can run. That is the red flag right there. Google Docs is a built-in Google service that already has access to your account, so it never needs to ask the user for extra permissions.
Those who fall for the scam hand the attacker's app access to their account, including their mail and contacts, and the same mail is then sent to every contact in their Google address book, which is how the scam spreads.
"The fake page is actually hosted on Google's servers and is served over SSL, making the page even more convincing," said Nick Johnston, an employee at Symantec, in an official blog post. "The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive's preview feature to get a publicly-accessible URL to include in their messages," he adds.
The attackers, whose identity is unknown as of now, used Google's OAuth 2.0 protocol to register a third-party app simply named "Google Docs", so the permission prompt showed a name users already trust. The sheer effectiveness of the phish set it apart from other phishing scams. "This phish worked because it tricked the user into granting permissions to a third-party application. This is the future of phishing, and every security technology vendor is ill-equipped to deal with it," said Aaron Higbee, chief technology officer at PhishMe, a company that specializes in phishing research and defense.
Users can check whether their account is affected by going to myaccount.google.com/permissions and reviewing the apps they have granted access to. Google's own Docs never appears in that list, so if a third-party app named "Google Docs" is there, remove its access.
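The two checks above, what a share link is really asking for and which granted apps are borrowing a Google product name, can be scripted. The following is an added example, not code from the article or from Google: it assumes the link behind the share button is a standard Google OAuth 2.0 authorization URL on accounts.google.com (the article does not show the link), and it reads grant records shaped like the Admin SDK Directory API tokens.list response (displayText, clientId, scopes), which is an assumption about the record format. The link, client IDs and grant list are constructed for the example.

```python
from urllib.parse import urlparse, parse_qs, urlencode

# Scopes that hand an app what this worm needed: read and send mail, read contacts.
SENSITIVE_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/contacts",
    "https://www.googleapis.com/auth/contacts.readonly",
}

# Google's own products never show up as third-party grants, so any grant carrying
# one of these names is a third-party app that chose the name for its consent screen.
FIRST_PARTY_NAMES = ("google docs", "google drive", "google sheets", "google slides", "gmail")


def consent_request(url):
    """Pull client_id and requested scopes out of a Google OAuth 2.0 authorization URL.

    Returns None for anything that is not an https authorization request on
    accounts.google.com, e.g. a genuine docs.google.com document link.
    """
    u = urlparse(url)
    if u.scheme != "https" or u.netloc != "accounts.google.com" or not u.path.startswith("/o/oauth2/"):
        return None
    q = parse_qs(u.query)
    scopes = set(q.get("scope", [""])[0].split())  # scope is a space-separated list
    return {
        "client_id": q.get("client_id", [""])[0],
        "scopes": scopes,
        "sensitive": sorted(scopes & SENSITIVE_SCOPES),
    }


def impersonates_google(display_text):
    """True if an app's display name is, or starts with, a first-party Google product name."""
    name = " ".join(display_text.lower().split())
    return any(name == p or name.startswith(p + " ") for p in FIRST_PARTY_NAMES)


def audit_grants(grants):
    """Flag third-party grants named after a Google product and list their sensitive scopes.

    Each grant is a dict with displayText, clientId and scopes (assumed record shape).
    """
    findings = []
    for g in grants:
        if impersonates_google(g.get("displayText", "")):
            findings.append({
                "clientId": g.get("clientId"),
                "displayText": g.get("displayText"),
                "sensitiveScopes": sorted(set(g.get("scopes", [])) & SENSITIVE_SCOPES),
            })
    return findings


# Constructed sample: the kind of link an "Open in Docs" button might point at.
# The client ID and redirect host are placeholders, not real identifiers.
SAMPLE_LINK = "https://accounts.google.com/o/oauth2/auth?" + urlencode({
    "client_id": "000000000000-example.apps.googleusercontent.com",
    "redirect_uri": "https://example.invalid/cb",
    "response_type": "code",
    "scope": "https://mail.google.com/ https://www.googleapis.com/auth/contacts",
})

# Constructed sample grant list: one ordinary sign-in app and one impostor.
SAMPLE_GRANTS = [
    {"clientId": "111111111111-example.apps.googleusercontent.com", "displayText": "Slack",
     "scopes": ["openid", "https://www.googleapis.com/auth/userinfo.email"]},
    {"clientId": "000000000000-example.apps.googleusercontent.com", "displayText": "Google Docs",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
]

if __name__ == "__main__":
    req = consent_request(SAMPLE_LINK)
    print("share link asks for:", req["sensitive"] or "nothing sensitive")
    for f in audit_grants(SAMPLE_GRANTS):
        print("revoke:", f["displayText"], f["clientId"], f["sensitiveScopes"])
```

The link check belongs before the click: a real document share goes to docs.google.com, while a link to accounts.google.com that asks for mail and contacts scopes is a permission request, whatever the button says. The grant audit is the scripted form of the myaccount.google.com/permissions review, and a G Suite administrator could feed it the per-user token list instead of the sample.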
Google is already on the job and is fixing the issue. In a press release, Google said, "We've removed the fake pages and our abuse team is working to prevent this kind of spoofing from happening again. If you think you may have accidentally given out your account information, please reset your password." Google also tweeted asking users to report any further phishing emails.