Google phishing net: How it can worm into your account

Did you recently receive an invitation to view a Google Document which appears to have come from one of your existing contacts? If yes, beware.

You may have just fallen prey to what IT experts across the world believe is a huge, startlingly fast-moving, and “almost undetectable” spam campaign.

Since yesterday, hundreds of thousands of users have received an email from one of their existing contacts inviting them to view a Google document. When the user clicks on the link, it takes them to a real Google-hosted page that shows a ready list of their Google accounts to choose from.

Once the user clicks on an account, the page asks them to grant account permissions to an app called "Google Docs". As soon as they hit "allow", the app can read all their email.

Not only that: the app then starts spreading the worm, sending the same invitation email to all of the user's contacts and setting the whole process in motion again.

Experts are perplexed because this "worm" is extremely sneaky.
But there is a way to stop it. All one has to do is click on the small "Google Docs" link on the permissions page and go through the developer information, which in this case looks unusual.

How do you know if you have already been phished?
Go to your Google account and look for "App Permissions". Once there, look for an app called Google Docs. If no such app is listed, you can sit back and relax.

However, if you do find the app listed, do not worry. Just remove it by tapping its label and clicking the remove icon.
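A scripted version of the check described above, as an added example that is not from the article or from Google: it walks a list of third-party app grants (a constructed export; the field names developer_url and scopes are assumptions) and ranks first the grants that match the worm's pattern, a Google product name published from a non-Google site together with mailbox and contact permissions. The scope strings are real Google OAuth scope identifiers; which app holds which is made up for the example.

```python
from urllib.parse import urlparse

# Product names the worm traded on; a third-party grant using one is suspect.
GOOGLE_PRODUCT_NAMES = {"google docs", "google drive", "google sheets", "gmail"}
# Real Gmail OAuth scopes; the first one alone allows reading, sending and deleting mail.
MAIL_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/gmail.readonly",
}
CONTACT_SCOPES = {"https://www.googleapis.com/auth/contacts"}
GOOGLE_HOSTS = ("google.com", "googleapis.com", "googleusercontent.com")

# Constructed records in the shape of a connected-apps export; not real data.
SAMPLE_GRANTS = [
    {"name": "Google Docs", "developer_url": "https://docs-invite.example.net",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
    {"name": "Inbox Helper", "developer_url": "https://inboxhelper.example.org",
     "scopes": ["https://www.googleapis.com/auth/gmail.readonly"]},
    {"name": "Meeting Planner", "developer_url": "https://planner.example.com",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
]

def is_google_host(url: str) -> bool:
    """True only for Google-owned hosts; 'google.com.example.net' does not pass."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in GOOGLE_HOSTS)

def triage_grant(grant: dict) -> dict:
    """Classify one grant; 'high' is the worm's own pattern (Google name + mailbox)."""
    impersonates = (grant["name"].strip().lower() in GOOGLE_PRODUCT_NAMES
                    and not is_google_host(grant["developer_url"]))
    scopes = set(grant["scopes"])
    checks = [(impersonates, "Google product name from a non-Google developer"),
              (bool(scopes & MAIL_SCOPES), "mailbox access"),
              (bool(scopes & CONTACT_SCOPES), "contact list access")]
    reasons = [text for hit, text in checks if hit]
    level = ("high" if impersonates and scopes & MAIL_SCOPES
             else "medium" if scopes & (MAIL_SCOPES | CONTACT_SCOPES) else "none")
    return {"name": grant["name"], "level": level, "reasons": reasons}

def triage_all(grants: list) -> list:
    """Most dangerous grants first, so the 'Google Docs' impostor tops the list."""
    order = ["high", "medium", "none"]
    return sorted((triage_grant(g) for g in grants), key=lambda r: order.index(r["level"]))
```

Anything rated "high" is the one to remove first; a "medium" entry is a legitimate-looking app that still deserves a look at its developer details.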

Google has fixed the massive Google Docs phishing attack

Google Docs users were hit by a widespread phishing attempt, allowing a sophisticated attacker to obtain contact lists and access Gmail accounts to spread spam messages widely. In a statement to The Verge, Google has confirmed it has now fixed the phishing attack. “We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts,” says a Google spokesperson. “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.”
 
It’s not immediately clear how an attacker was able to execute such a sophisticated phishing attempt. The attackers took advantage of a weakness in Google’s system, one that may or may not have existed for some time, which allowed developers to create a non-Google web app with the “Google Docs” name. The phishing emails spread almost like an old-style computer worm, propagating automatically after the fake web app stole contact lists from unsuspecting Gmail users who had been sent emails that looked like genuine invites to edit Google documents.
Either way, Google has fixed this problem and is now altering its systems to prevent developers from abusing its authentication systems to spoof Google’s own products and services. What we still don’t know is just how sophisticated this attack was. The attackers were able to automate contact collection to spread the attack, and the fake web app also requested access to read, send, delete, and manage Gmail accounts.
In a statement issued late Wednesday night, Google assured Gmail users that, beyond contact info, no other sensitive data was gleaned from the attack and no further action is necessary to protect accounts:


We realize people are concerned about their Google accounts, and we're now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1% of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.
Via Moneycontrol News, The Verge
