Google Docs phishing scam sweeps across internet, sophisticated attack targets users inboxes via disguised link

Google successfully doused out a phishing scam' which could have led to massive ramifications with an intent to supply personal information of users and put their security in jeopardy.

author-image
gautam lalotra
Updated On
New Update
Google Docs phishing scam sweeps across internet, sophisticated attack targets users inboxes via disguised link

Google - File Photo

US tech giant Google successfully doused out a “phishing scam” which could have led to massive ramifications with an intent to supply personal information of Gmail users and put their security in jeopardy. The scam was conceptualized to fool people using a Google Docs link.

However, the ultimate objective of the phishing scam and the preparators behind it are still unknown.

The scheme was envisaged to take advantage of technology that the search engine giant makes available to any website allowing people to log in to them with their Google username and password. The websites can get access to information people store with Google, including their contacts. 

Google’s response to an AFP inquiry was through an email. The email stated "We have acted to protect users against an email impersonating Google Docs, and have disabled offending accounts," the email further stated that “"We've removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again."

Cooper Quintin, staff technologist of the Electronic Frontier Foundation explained the phishing scam. He stated that the scam worked through a deceptive email that used both phishing attack and a worm. Once the email was opened, it would open the door to malicious code that worked its way into their messaging programs and spread rapidly to others.

Initially an email would arrive from a known contact’s real address, containing a link for a file to be shared through Google Docs, and if you clicked on the link, it led to a real web address of Google and asked for permission to run an application cleverly titled Google Docs.

It asked for authorizations which included allowing it read and send emails on the user’s behalf. It was quite cleverly concealed so that it immediately did not look like phishing email.

Quintin stated that authorizing the app led to it sending the same emails to everyone in the user’s contacts.Quintin also stated that the app was disabled within hours of it spreading rapidly along with the online domains it was connecting to.

"I suspect that it was far more successful than whoever released it into the world hoped or expected, and was maybe undone by its own success," he said.He further added that the domains were blocked quickly and Google disabled the application, so it was no longer a threat.
The California based internet powerhouse claimed that it was stopped within an hour and the scam affected less than 10% of Gmail users. Gmail at present has more than 1 billion users.

The spokesperson also said that apart from contact information, no other data was accessed by the scam.

Google