Yesterday was not a good day for Google. First came the Google Drive outage that prevented many Google users from accessing data on the popular file hosting service, and then a new, sophisticated phishing attack that targeted Google users.
Just to refresh your memory on that: Gmail users started to get emails in which they were notified that someone shared a document on Google Docs with them.
The email included just a single sentence that repeated the invitation, and a blue button to open the document in Docs.
Zach Latta posted a gif of the whole process on his Twitter account.
A click on the button loaded the Google Accounts website. Users who use multiple accounts on Google are asked to select one to grant permissions.
A click on the name of the developer, Google Docs, reveals right on that page that something is not right. Instead of an official Google email address or web address, third-party developer information is listed there.
The next page lists the permissions the application requests, in this case access to your Gmail messages and your contacts.
If you hit allow on that page, you give the attacker access to your Gmail email messages and to all of your contacts. The latter will likely result in even more phishing emails being sent out.
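To make the consent-screen check described above concrete, here is an added example that is not from the article or from Google: it parses an OAuth authorization URL the way a defender or a mail gateway might, and flags requests that pair a Google-sounding app name with a non-Google redirect_uri, or that ask for mail and contacts scopes. The client id, the redirect domain and the app names are constructed placeholders; the scope strings are Google's real ones.

```python
from urllib.parse import urlparse, parse_qs

# Real Google scope strings that hand over mail or contacts to the app.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/contacts",
    "https://www.googleapis.com/auth/contacts.readonly",
}

# Hosts a genuine Google-operated app would redirect back to.
GOOGLE_SUFFIXES = ("google.com", "googleapis.com", "googleusercontent.com")


def _is_google_host(host):
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in GOOGLE_SUFFIXES)


def assess_consent_request(auth_url, app_name):
    """Return a list of warnings for an OAuth authorization URL and the
    app name shown on the consent screen. An empty list means nothing flagged."""
    query = parse_qs(urlparse(auth_url).query)
    warnings = []

    # Google sends scopes space-separated in a single 'scope' parameter.
    scopes = set(" ".join(query.get("scope", [])).split())
    risky = sorted(scopes & HIGH_RISK_SCOPES)
    if risky:
        warnings.append("requests mail/contacts access: " + ", ".join(risky))

    redirect = query.get("redirect_uri", [""])[0]
    redirect_host = urlparse(redirect).hostname or ""
    if "google" in app_name.lower() and not _is_google_host(redirect_host):
        warnings.append(f"app name {app_name!r} looks like Google but "
                        f"redirects to {redirect_host!r}")
    if redirect and urlparse(redirect).scheme != "https":
        warnings.append("redirect_uri is not https")
    return warnings


# Constructed sample mimicking the shape of the attack's consent request.
PHISH_URL = ("https://accounts.google.com/o/oauth2/auth?client_id=CLIENT-ID-PLACEHOLDER"
             "&redirect_uri=https%3A%2F%2Fdocs.example.invalid%2Fcallback"
             "&scope=https%3A%2F%2Fmail.google.com%2F+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcontacts"
             "&response_type=code")

# Constructed benign request: modest scope, honest name, own domain.
LEGIT_URL = ("https://accounts.google.com/o/oauth2/auth?client_id=CLIENT-ID-PLACEHOLDER"
             "&redirect_uri=https%3A%2F%2Fnotes.example.com%2Fcallback"
             "&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.file&response_type=code")

if __name__ == "__main__":
    for w in assess_consent_request(PHISH_URL, "Google Docs"):
        print("WARNING:", w)
```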
The former is highly problematic, especially if you have linked other accounts to the Gmail account email address.
A simple example: if you have a domain registered with a hosting company and use the Gmail address for that hosting account, the attacker could gain access to the account through password resets sent to Gmail and transfer the domain to another account.
If the attacker uses filters on Gmail to hide emails from the hosting company, the transfer may not be detected until it is too late.
The main issue with the phishing attack is that the attacker was able to register a third-party application named Google Docs, something Google should have blocked.
Google has blocked the account in the meantime, removed the fake pages, and pushed updates to Safe Browsing on top of all that.
Google users who gave permissions to the attacker should remove the Google Docs entry from the application permissions page on the Google website. This page highlights all apps that you have granted permissions to.
Google recommends that users run the company's Safety Checkup tool on top of this.
Now You: Would you have detected the phishing attack?