If someone invites you to edit a file in Google Docs today, don’t open it — it may be spam from a phishing scheme that’s been spreading quickly of the past 24 hours.
What makes this attack so tricky to detect is that it takes advantage of Google's legitimate tool for sharing data with responsible third-party apps. Since the bogus invitation is being routed through Google's real system, nothing is misspelled, the icons look accurate, and it's hard to know something's gone wrong until it's too late.
Google said Wednesday that it is working to ensure this type of "spoofing" doesn't happen again. "We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts," the company said in a statement.
In a classic phishing attack, hackers create a fake site that looks like a real site and is at a URL that’s similar to the official URL. The new attack works a bit differently. When you click the link, you go to Google’s real login page.
The problem is that after you’ve entered your password there, you’re redirected to a malicious third-party site. It never hurts to change your password, but experts say that won’t help in this case. Rather, what you need to do is revoke the permissions you unknowingly gave the malicious app to your account. To do that, go to the Google app permission page and look for the app called “Google Docs” — it’s not the real Google Docs. Click on that app and then click “Remove.”
Don't let your employees fall victim to phishing attacks, get in touch with us for our Cybersecurity Awareness Training Program.