May 09 2017

Google Neutralizes Docs Phishing Scam


 A phishing scam that surfaced earlier this week used Google Docs in an attack against at least 1 million Gmail users.

However, that amounted to fewer than 0.1 percent of Gmail users were affected, according to the company.

Anti-Phishing Security Checks

  • Coincidentally, Google this week introduced a new anti-phishing security feature to Gmail on Android. The new t
  • Google is gradually rolling out the new feature to all G Suite users.
  • Inbuilt Styling: Both light and dark styling for standalone support
  • Configurability: Highly configurable from options dealing with transition, to content type and layout.
  • K2 Support: Fully compatible with the powerful content constructive component K2.


How the Docs Attack Went Down

This week's Docs attack was an effective approach to luring users before Google clamped down.

People got an email from someone they knew inviting them to click on a link to collaborate on a Google Doc.

Clicking on the "Open in Docs" link redirected them to a Google OAuth 2.0 page to authorize the Google Docs application, which was a fake.

The application stated that Google Docs would like to read, send, delete and manage the recipient's email and manage their contacts -- requests common to several applications that use Google as an authentication mechanism.