A Massive Google Docs Phish Might Have Stolen A Load Of Gmail Accounts – UPDATED
The Gmail logo is pictured on the top of a Gmail.com welcome page in New York Friday, April 1, 2005.A lot of people are getting some suspicious looking emails in their Gmail today.
(Forbes) –The malicious messages are coming from trusted contacts, asking them to open a Google Doc. As soon as the recipient clicks through, they are asked to give away permissions to an app imitating Google Docs, namely the ability to read, send, delete and manage email, as well as manage contacts. For the user, once they’ve clicked through, nothing happens. But the attacker is effectively given access to people’s Gmail. It appears whoever created the worm used that access to contacts to spread the
It’s remarkably sophisticated and spreading like wildfire. Given how many complaints Google is receiving on Twitter, it’s likely a lot of people were affected. For now, it looks like Google has shut the attack down by revoking the app and killing the phishing pages the attacker set up.
Phishing (or malware) Google Doc links that appear to come from people you may know are going around. DELETE THE EMAIL. DON’T CLICK. pic.twitter.com/fSZcS7ljhu
— Zeynep Tufekci (@zeynep) May 3, 2017
— Zach Latta (@zachlatta) May 3, 2017