On Wednesday, Google suffered one of its biggest hacking attempts to date, with millions of Gmail accounts left exposed to a phishing scam.
As detailed on Reddit, the phishing attack sends individuals an emailed invitation from someone in their contacts list, inviting them to a real Google sign-in screen, asking them to “continue to Google Docs.”
Theverge.com reports:
BYPASS THE CENSORS
Sign up to get unfiltered news delivered straight to your inbox.
You can unsubscribe any time. By subscribing you agree to our Terms of Use
But this grants permissions to a (malicious) third-party web app that’s simply been named “Google Docs,” which gives phishers access to your email and address book.
The key difference between this and a very simple email phishing scheme is that this doesn’t just take you to a bogus Google page and collect your password — something you could detect by checking the page URL.
It works within Google’s system, but takes advantage of the fact that you can create a non-Google web app with a misleading name. Here’s what the permissions screen looks like, for example:
If you check the title for developer information, though, you’ll get something like this:
Here’s the whole process, from start to finish:
Just got this as well. Super sophisticated. pic.twitter.com/l6c1ljSFIX
— zach latta (@zachlatta) May 3, 2017
If you’ve clicked the link, your account may have already sent spam messages to the people in your address book. But you can revoke future access through Google’s “Connected Apps and Sites” page; where it will appear as “Google Docs.”
We’re still not sure exactly how widespread the attack is, but journalists from several outlets — including The Verge — have received spam emails.
In a statement issued this afternoon, Google says it’s taken measures to stop the spread of the attack and resolve the problem at its core:
We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts,” the company said in a statement. “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.
Update 4:00PM ET, 5/3: We’re seeing reports that Google has disabled the application, although we’re still not sure exactly how far it’s spread, or if the attack might continue through another application.
Update 4:25PM ET, 5/3: Google has also said it is “investigating” the issue, warning users not to click on links in the meantime.
We are investigating a phishing email that appears as Google Docs. We encourage you to not click through, & report as phishing within Gmail.
— Gmail (@gmail) May 3, 2017
Update 5:17PM ET, 5/3: Added official statement from Google confirming the issue has been resolved.
