Categories: Security

The Google Doc Phishing Attack of 2017: Can It Happen Again?

On Wednesday, May 3rd, Google and Gmail users experienced a wide, sophisticated phishing attack. It came from a phony app that called itself “Google Docs.” During this incident, approximately 1 million Gmail users received an email asking them to open a Google Doc. If the link was clicked, the user was taken to a page to open the document with their Google account. Doing so would then give the attacker access to the user’s email account and contacts. If you think you have fallen victim to this scam or a similar scam, you should use Security Scan to quickly check your device for malware:

Phishing is a popular method of stealing credentials in order to hack email accounts, bank accounts, or other private accounts. Luckily, Google was able to shut down the attack and delete the offending app within an hour of it’s launch. Not all companies and individuals are this savvy at identifying threats, though. The only way this kind of phishing can be identified is by looking at the developer information very closely. Since the average person doesn’t always read the fine print, security scanning software is vital.

The culprit of this attack is the Open Authorization system used by Google as well as several other sites to log users into multiple accounts at once. When you log in with this system, it creates a session token which can be transferred to other sites and services, which then logs you into them as well — indefinitely. And this is why it is so dangerous. When you log in to those fun online quizzes, you don’t often think of what happens when you leave the quiz site. If you stay logged into facebook and other sites that use OAuth, you open yourself up to scams like phishing and viruses.

Because OAuth uses session tokens instead of passwords, it is incredibly easy to hack. All the malware worm needs to do is make itself look legitimate by using icons, logos, and emails. In other words, OAuth systems depend on websites and applications telling the truth about who they are. As OAuth itself is not a security system, but a logging in system, these kinds of attacks are hard to catch because they look legitimate. Computers and laptops are the most susceptible to this kind of attack, but these attacks can happen to phones and mobile devices, too. That’s why it is important to regularly scan your device for malware in order to identify applications or downloads that could secretly be stealing your information.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.