Think Twice About Accepting Shared Google Docs
An incredibly fast-moving phishing attack started hitting Gmail inboxes Wednesday.
Victims—who at first seemed to be journalists—receive what looks like an invitation to view a Google Doc from a known contact that instead replicates the attack to their address books, according to The Atlantic.
Clicking the link lets the attacker read, send and delete emails on a victim’s behalf without having login details, Recode reported. Two-factor authentication or changing a password doesn’t disable the attack; instead, users have to remove what looks like a Google Doc app from their account management pages. (Here’s Google’s recommended security check.)
The attack didn’t affect the real Google Docs program; it merely spoofed it. Google said it will be taking steps to prevent such trickery in the future and it also disabled the accounts associated with this specific attack.
May 3, 2017
Link to report
location of breach
location of perpetrators
date breach occurred
date breach detected