Major Google Docs Phishing Went Live Today

By Ali Raza ⏐ 8 years ago ⏐ Newspaper Icon Newspaper Icon 2 min read
Google Docs

Hackers have devised a lethal way to carry out phishing using Google Docs. Rather than the usual pranks, they have found a way of carrying out phishing using Google Docs and with an address someone knows. If an email just dropped into your inbox from one of your contacts sharing a Google Doc, refrain from opening it since it’s a trap.

The anatomy of the attack looks like this:

  • You receive an email suggesting someone shared a Google Doc with you. Most likely, it would be someone from your contact list to reduce the level of suspicion.
  • Upon opening the fake document, the link will send you to a page where you will be required to select the Google account you want to use.
  • The next page will need you to give several permissions to access your Google document. If you have used Google Docs for a while, you know that this stage is never there. What is happening is that you are giving a hacker permissions to use your account to carry out an attack on yourself and others.
  • When you approve of the permissions, it will replicate itself by sending the same phishing email to your contacts.

Since you would have given the hacker full access to your account, any two-factor authentication or login alerts are overlooked as the hacker has the same access to your account as yourself. They can use your email to send out other phishing messages to other people. Even more dangerous is that they can use the account to reset passwords for most of your online accounts from PayPal to other email addresses.

If you have read this before getting the email, count yourself lucky. If you already clicked the link, start by revoking access to the link. Also, if your email address has been used to send out phishing messages to your contacts, make sure you follow up by sending them the mail explaining what is going on. While Google has stepped in and disabled the link, it has already spread to several Gmail users.

Google utilized the Twitter platform to share their stance and update on this massive attack.

Official Google Statement

Google, Google Docs, News

Related Posts

Grok 3 Xais Latest Ai Chatbot Takes On Chatgpt And Deepseek

Grok 3: xAI’s Latest AI Chatbot Takes on ChatGPT and Deepseek

By Huma Ishfaq ⏐ 12 hours ago

Musk’s AI company, xAI, has released Grok 3, its most advanced chatbot. It is designed to compete directly with OpenAI’s ChatGPT and Google’s Gemini.…

Pakistan Introduces Pak Id Mobile App To Facilitate Visa On Arrival

Pakistan Introduces ‘Pak ID’ Mobile App to Facilitate Visa-on-Arrival

By Huma Ishfaq ⏐ 13 hours ago

ISLAMABAD: In a significant move to enhance travel convenience, Pakistan has launched the ‘Pak ID’ mobile application, enabling citizens from 120 countries to apply…

Get Alerts