All About Yesterday’s Google Docs Phishing Scam

First, the good news: unless you clicked on a screen like this yesterday afternoon, both you and your contacts are probably safe.

It was around that time that stories started popping up in my news feeds about a phishing scam seeking access to users’ Google accounts through Google Docs. Everything I saw linked to this reddit thread, which summarized the threat as follows:

  • uses the existing Google login system
  • uses the name “Google Docs”
  • is only detectable as fake if you happen to click “Google Docs” whilst granting permission
  • replicates itself by sending itself to all your contacts
  • bypasses any 2 factor authentication / login alerts
  • will send scam emails to everyone you have ever emailed

Pretty scary, right? That reddit thread was posted just before 3 pm Eastern; at 6:20 pm Google Docs tweeted this statement:

We have taken action to protect users against an email impersonating Google Docs & have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.

Even better, Android Police reported before midnight that Google had published a new version of the Gmail app for Android, with phishing protection baked in.

I see a lot of phishing emails on my non-Google email accounts, and I’m pretty impressed with how quickly Google moved to neutralize this threat. Hopefully no one reading this was affected by it!

Sources: Android Police, @GoogleDocs on Twitter, reddit

Leave a Reply