New Phishing Scheme on Google Docs Affects 1 Million Users

A new type of phishing attack has recently spread across Google Docs, a tool that allows you to create and edit documents online for free. As with many other similar attacks, the threat arrived via email to many users and requested that they allow access to a shared document using that same tool in order to edit it. Once permissions were granted users would be redirected to a new app which looked exactly like Google Docs, simultaneously granting the attacker access to your emails and possibly other associated services. The attack was quite elaborate and practically undetectable, but fortunately Google acted pretty quickly and the menace was extinguished in no time. This wasn’t enough, however, since the short time it was active was enough to infect 0.1% of Gmail users, which considering Google’s 1 billion customers is roughly the same as saying 1 million people had been affected.

Since this phishing attack exploits OAuth, the first measure you can take for extra security is to review your apps’ permission and manage them suitably. But then again, the large number of apps available using OAuth can become quite difficult to manage, as you’ll probably spend the rest of your life searching for their respective permission management pages. Yet while that’s quite easy with Google since it is one of the biggest companies on Earth, it is quite tricky with smaller companies since your account’s details and permissions are often hidden somewhere in a dark corner of the web.

Given this, make sure you pay attention to which permissions you allow either when installing an app or creating an account and always have a proper antivirus or security suite along with you.