If someone invites you to edit a file in Google Docs today, don’t open it — it may be spam from a phishing scheme that’s been spreading quickly this afternoon. As detailed on Reddit, the attack sends targets an emailed invitation from someone they may know, takes them to a real Google sign-in screen, then asks them to “continue to Google Docs.” But this grants permissions to a (malicious) third-party web app that’s simply been named “Google Docs,” which gives phishers access to your email and address book.
The key difference between this and a very simple email phishing scheme is that this doesn’t just take you to a bogus Google page and collect your password — something you could detect by checking the page URL. It works within Google’s system, but takes advantage of the fact that you can create a non-Google web app with a misleading name. Here’s what the permissions screen looks like, for example:
If you check the title for developer information, though, you’ll get something like this:
Michael Kuster opened Digital Age Solution in 2005 after managing Information Technology for various government agencies for many years. Before taking on this venture full-time, he operated a web site design and hosting company, KusterNet, for a decade. After being asked by web site customers to manage and maintain their computers, KusterNet became Digital Age Solution.
Mike maintains a hands-on, active role in the management and delivery of service to customers at Digital Age Solution. Rather than sitting behind a desk, he can often be found running cable on telephone poles, fixing computers on-site, and providing one-on-one support to customers.
Mike lives in Walkersville, Maryland with his wife and three children. He actively serves as a volunteer and board member for several non-profits including 4-H, Federated Charities, and the Town of Walkersville.