Fake Google Docs phishing deluge hits Gmail

A new phishing attack has appeared in inboxes around the world that masquerades as an email contact sharing a Google Doc.

The emails appear to originate from a legitimate account, with the email addressed to hhhhhhhhhhhhhhhhh@mailinator.com and dozens of contact email addresses blind carbon copied (bcc) in.

Upon clicking the “Open in Docs” button on the standard Gmail pop-up, users are invited to click on the link to open the document, which also redirects them to a legitimate Google sign-in page.

Users are then prompted to select one of their Google accounts using Google’s normal sign-in system and asked to authorise an app called “Google Docs” to manage emails.

However, the app called “Google Docs,” which requests permission to read, send, and delete emails, is not a real Google app.

Clicking the link authorises the attack, and a user’s account will then be hijacked and used as an infection vector, repeating the same behaviour to every contact a user has ever emailed.

It also bypasses 2 factor authentication, as well as login alerts.

Users that have clicked “allow” have fallen victim to the campaign.

By | May 3, 2017 — 23:12 GMT (00:12 BST) |

Full article:

Source: Fake Google Docs phishing deluge hits Gmail | ZDNet

Update: Google patched this flaw in about an hour after it was found.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.