A Dangerously Convincing Google Docs Phishing Scam Is Spreading Like Wild [Updated]

A Dangerously Convincing Google Docs Phishing Scam Is Spreading Like Wild [Updated]

Oh God, a hacker’s on the loose with a new (but familiar) Google Docs phishing scam, and journalists are in the crosshairs.

Image: Gizmodo / Pexels

This morning, countless unsuspecting email users — including reporters from BuzzFeed, New York Magazine, Vice, as well as your friends here at Gizmodo Media — received some seemingly legit invites to view a Google Docs file. The email doesn’t look quite right, but anyone who clicks through arrives at a login screen that looks almost indistinguishable from the same screen you’d see if someone actually invited you to a Google Doc. It’s the one with a list of your Google Accounts, and it even matches Google’s recent redesign.

[referenced url=”https://gizmodo.com.au/2014/03/beware-of-this-dangerously-convincing-google-docs-phishing-scan/” thumb=”https://i.kinja-img.com/gawker-media/image/upload/t_ku-large/kxgpyid0hye20lj8n1ry.png” title=”Beware Of This Dangerously Convincing Google Docs Phishing Scam” excerpt=”A very tricky phishing scam that takes advantage of Google Docs is making its way around the web. And since it uses a google.com URL and even makes use of Google’s SSL encryption, it’s almost impossible to tell that it’s a hack. Your best safeguard, as always, is a little bit of common sense.”]

What’s even scarier than that, the page has a very real-looking Google.com URL and clicking on a link to Google Docs appears to confirm the page’s authenticity. It gets worse. That page invites to choose which account you’d like to use to view the Google Doc, and then you’re taken to a page that invites you to grant access to your Google Account. Here’s what the whole attack looks like:

If you get an email that looks like the one above, delete it immediately. There’s a good chance that it will appear to have been sent by someone with a legit-looking email address. One Gizmodo reader even shared an email that had come from a .gov email address. This kind of thing is easy to spoof, however.

There are a couple of telltale signs that this email is bullshit. It’s addressed to “hhhhhhhhhhh”, and the email itself doesn’t look quite like the ones that Google sends. That, and the fact that countless members of the media are reporting on Twitter that the email is a phishing scam. (The EFF told Joe Bernstein from BuzzFeed, where some of the earliest emails were spotted, that the attack was not intended to deliver malware but rather hijack credentials, another term for phishing.)

It’s still unclear who’s behind this attack, and we might never know. We reached out to Google for more information on the attack but had not heard back at time of writing..

In the meantime, be safe out there. And maybe don’t click on any Google Doc links for the rest of the week.

Update 1:52PM: Gmail has addressed the attack on Twitter:

Google has also sent us the following statement by way of a PR agency:

We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.

Google then sent us another statement, this time not from a PR agency but attributable directly to a Google spokesperson:

We realize people are concerned about their Google accounts, and we’re now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1% of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.

The Cheapest NBN 50 Plans

It’s the most popular NBN speed in Australia for a reason. Here are the cheapest plans available.

At Gizmodo, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.