Phishing scam is using Google Docs to trick users


A malicious email is spreading through the internet like wildlife and it includes an invitation to view a Google Doc.

Users are asked to click on the link, which ultimate gives the hackers behind the attack access to the contents of their Google accounts, including email, contacts and documents.

Not only are victims’ accounts controlled by a malicious party, but if users follow the instructions, the same email is sent to anyone they have ever emailed and their contacts.

Users are asked to click on a link, which provides the hackers access to the contents of their Google accounts, including email, contacts and online documents. The malicious emails appeared to be addressed to 'hhhhhhhhhhhhhhhh@mailinator.com' with recipients BCCed

Users are asked to click on a link, which provides the hackers access to the contents of their Google accounts, including email, contacts and online documents. The malicious emails appeared to be addressed to 'hhhhhhhhhhhhhhhh@mailinator.com' with recipients BCCed

Users are asked to click on a link, which provides the hackers access to the contents of their Google accounts, including email, contacts and online documents. The malicious emails appeared to be addressed to ‘hhhhhhhhhhhhhhhh@mailinator.com’ with recipients BCCed

PHISHING SCAM 

Clicking the malicious link takes users to a what looks like a Google-hosted page that presents them with a list of their accounts.

The page asks users to select one of their accounts and provide an app called ‘Google Docs’.

Once you press ‘allow’, the Google Docs app, which was developed by the cyber trouble makers, can now sift through your emails and contacts, allowing it to continue the infected chain-mail.

Although it may seem harmless, experts warn that these hackers now have access to your Google account and any personal information inside.

The scam seems to have surfaced sometime Wednesday afternoon and appeared to first target journalists – many reports from BuzzFeed, Hearst, New York Magazine and Gizmodo reported receiving the infected email.

However, looking at one of the emails shared by Joe Berstein from Buzzfeed, it is clear to see that something is just not right.

The malicious emails appeared to be addressed to ‘hhhhhhhhhhhhhhhh@mailinator.com’ with recipients BCCed.

Victims have noted that the email sender may be someone you know or who is one of your contacts. 

Users are asked to click on a link to view a document, which provides the hackers access to the contents of their Google accounts, including email, contacts and online documents, according to security experts who reviewed the scheme.

Clicking the malicious link takes users to a real Google-hosted page that presents them with a list of their accounts, TechCrunch reported.

The page asks users to select one of their accounts and provide an app called ‘Google Docs’.

Once you press ‘allow’, the Google Docs app, which was developed by the cyber trouble makers, can now sift through your emails and contacts, allowing it to continue the infected chain-mail.

A Twitter user created a video to show users how the scam works, so they can be prepared if they receive the malicious email

Clicking the malicious link takes users to a real Google-hosted page that presents them with a list of their accounts. The page asks users to select one of their accounts and provide an app called 'Google Docs'

Clicking the malicious link takes users to a real Google-hosted page that presents them with a list of their accounts. The page asks users to select one of their accounts and provide an app called 'Google Docs'

Clicking the malicious link takes users to a real Google-hosted page that presents them with a list of their accounts. The page asks users to select one of their accounts and provide an app called ‘Google Docs’

Google has acknowledged the attack and released a statement on Twitter notifying the public that they ‘are investigating a phishing email that appears on Google Docs’.

The tweet continued to read: ‘We encourage you to not click through & report as phishing within Google’.

Once you press 'allow', the Google Docs app, which was developed by the cyber trouble makers, can now sift through your emails and contacts, allowing it to continue the infected chain-mail. Twitter users are sharing some of the emails to warn others of the scam

Once you press 'allow', the Google Docs app, which was developed by the cyber trouble makers, can now sift through your emails and contacts, allowing it to continue the infected chain-mail. Twitter users are sharing some of the emails to warn others of the scam

Once you press ‘allow’, the Google Docs app, which was developed by the cyber trouble makers, can now sift through your emails and contacts, allowing it to continue the infected chain-mail. Twitter users are sharing some of the emails to warn others of the scam

Google has acknowledged the attack and released a statement on Twitter notifying the public that they 'are investigating a phishing email that appears on Google Docs'. The tweet continued to read: 'We encourage you to not click through & report as phishing within Google'

Google has acknowledged the attack and released a statement on Twitter notifying the public that they 'are investigating a phishing email that appears on Google Docs'. The tweet continued to read: 'We encourage you to not click through & report as phishing within Google'

Google has acknowledged the attack and released a statement on Twitter notifying the public that they ‘are investigating a phishing email that appears on Google Docs’. The tweet continued to read: ‘We encourage you to not click through & report as phishing within Google’

And although some may see this attack as nothing but spam, experts warn it is much more serious than that.

‘This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party,’ Justin Cappos, a cyber security professor at NYU Tandon School of Engineering, told Reuters.

And although some may see this attack as nothing but spam, as shared in some tweets, experts warn it is much more serious than that, as hackers are now able to get into user's Google accounts

And although some may see this attack as nothing but spam, as shared in some tweets, experts warn it is much more serious than that, as hackers are now able to get into user's Google accounts

And although some may see this attack as nothing but spam, as shared in some tweets, experts warn it is much more serious than that, as hackers are now able to get into user’s Google accounts

Cappos said he received seven of those malicious emails in three hours on Wednesday, an indication that the hackers were using an automated system to perpetuate the attacks.

He said he did not know the objective, but noted that compromised accounts could be used to reset passwords for online banking accounts or provide access to sensitive financial and personal data. 

 



Source link

Be the first to comment on "Phishing scam is using Google Docs to trick users"

Leave a comment

Your email address will not be published.


*