Sophisticated Phishing (or malware) Attack In Google Doc

If someone invites you to edit a file in Google Docs today, don’t open it

It may be spam from a phishing scheme that’s been spreading quickly this afternoon. As detailed on Reddit, the attack sends targets an emailed invitation from someone they may know, takes them to a real Google sign-in screen, then asks them to “continue to Google Docs.” But this grants permissions to a (malicious) third-party web app that’s simply been named “Google Docs,” which gives phishers access to your email and address book.

The key difference between this and a very simple email phishing scheme is that this doesn’t just take you to a bogus Google page and collect your password — something you could detect by checking the page URL. It works within Google’s system, but takes advantage of the fact that you can create a non-Google web app with a misleading name. 

Here’s what the permissions screen looks like, for example:

If you check the title for developer information, though, you’ll get something like this:

Here’s the whole process, from start to finish:

@zeynep Just got this as well. Super sophisticated. pic.twitter.com/l6c1ljSFIX

— Zach Latta (@zachlatta) May 3, 2017

If you’ve clicked the link, your account may have already sent spam messages to the people in your address book. But you can revoke future access through Google’s “Connected Apps and Sites” page; where it will appear as “Google Docs.”