Site icon Wonderful Engineering

Beware Of This Very Convincing Google Docs Phishing Scam That Is Everywhere

Google Docs phishing attack (2)

Source: The Verge

There are over 1 billion Gmail users all around the world, and once more a lot of them got attacked by a very convincing Google Docs phishing scam. It has hardly been a few months since the last Gmail scam that spread like a wildfire. The attacks continue to get more convincing leaving even the tech savvy users in crosshairs.

On the afternoon of Wednesday, a lot of users that included the reporters from BuzzFeed, Hearst, New York Magazine, Vice, Gizmodo and plenty more received emails with very realistic invites to view a Google Docs file. Clicking on the link will redirect you to a login screen, just like that of real Google accounts complete with the list of all your Google Accounts.  The hackers did not even miss out on a hair while replicating Google’s newest design.

Apart from the perfect layout, the authentic looking Google.com URL makes it even worse. If you did not receive the email directly from the hackers, you might receive one from one of your contacts who fell prey to the attack. If anyone clicks on the link, the malware will forward the email to all their contacts, which makes the scam even more believable.

The email is sent by very legitimate looking email addresses with extensions that you might believe. Some addresses had .gov, .buzzfeed extensions that were more trustable for the intended users. The purpose is not to deliver malware but to hijack the credentials.

Convincing as it might seem if you look closely enough, you will notice the differences from the actual Gmail Google Docs emails. The most prominent hint is the “hhhhhhhhhhh” email to which it is addressed with your email address in “Bcc.”

Google has said that the malicious accounts have been disabled and the users have been updated. A spokesperson stated that less than 01 percent of Gmail users were affected, equating to about 1 million people. Google managed to control the attack in about an hour of its happening and released an official statement on Twitter:

This particular attack has been controlled, but it was without a doubt quite successful. Similar attacks from attackers may follow until Google manages to block the entire concept once and for all. When on the internet, look thrice before you click anything. Not all that glitters is gold. Well, in this case, not all that looks like Google is Google.

 

Exit mobile version