Google Docs Hit by Phishing Attack

Google Docs Hit by Phishing Attack

Don't edit that Google Doc, at least not today.

If someone invites you to edit a file in Google Docs, be careful opening it as it may be a sophisticated phishing scheme out to get your credentials.

As detailed on many websites since the attack started on the afternoon of May 3rd, the attack sends targets an emailed invitation from someone they may know, takes them to a real Google sign-in screen then asks them to "continue to Google Docs." But this grants permission to a third-party web app that has just been named "Google Docs." This gives the hacker access to your email and your address book.

This phishing scheme is different from others in that it works within the Google system. It takes advantage of the fact that you can create a non-Google web app with a misleading name.

If you have clicked the app, it may have already spammed everyone in your address book by you can revoke future access by going to Google's Connected Apps and Sites page, where you can remove access from "Google Docs." Also, it may be a good idea to change your password.

If you like what you see, get more delivered to your inbox weekly.
Click here to subscribe to our free premium content.

comments powered by Disqus

Digital Edition

  • Security Today Magazine - October 2018

    October 2018

    Featuring:

    • Streamlined for Success
    • Making Your Expertise Unique
    • An Eye on the Campus
    • Solving Problems
    • Enhancing Security

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • School Planning & Managmenet
  • College Planning & Management
  • Campus Security & Life Safety