Google Phishing Attack

If someone invites you to edit a file in Google Docs today, don’t open it — it may be spam from a phishing scheme that’s been spreading quickly this afternoon. As detailed on Reddit, the attack sends targets an emailed invitation from someone they may know, takes them to a real Google sign-in screen, then asks them to “continue to Google Docs.” But this grants permissions to a (malicious) third-party web app that’s simply been named “Google Docs,” which gives phishers access to your email and address book.

The key difference between this and a very simple email phishing scheme is that this doesn’t just take you to a bogus Google page and collect your password — something you could detect by checking the page URL. It works within Google’s system, but takes advantage of the fact that you can create a non-Google web app with a misleading name. Here’s what the permissions screen looks like, for example:

Google Docs phishing screen

If you check the title for developer information, though, you’ll get something like this:

Gdocs Phishing attempt

  •  If you’ve clicked the link, your account may have already sent spam messages to the people in your address book. But you can revoke future access through Google’s “Connected Apps and Sites” page; where it will appear as “Google Docs.”
  • Google Docs phishing access

Michael Kuster opened Digital Age Solution in 2005 after managing Information Technology for various government agencies for many years. Before taking on this venture full-time, he operated a web site design and hosting company, KusterNet, for a decade. After being asked by web site customers to manage and maintain their computers, KusterNet became Digital Age Solution.

Mike maintains a hands-on, active role in the management and delivery of service to customers at Digital Age Solution. Rather than sitting behind a desk, he can often be found running cable on telephone poles, fixing computers on-site, and providing one-on-one support to customers.

Mike lives in Walkersville, Maryland with his wife and three children. He actively serves as a volunteer and board member for several non-profits including 4-H, Federated Charities, and the Town of Walkersville.