Hackers launched a phishing campaign today, specifically targeting Google users via a phony Google Docs link.
Motherboard reports that multiple Gmail users are receiving fake Google Docs links from contacts that they know. When this fake Google Doc is accessed the user’s account is hijacked and utilized by hackers to spread the virus further. The emails are often addressed to “email@example.com” with the hacking target BCC’d on the email. Initially, it seemed that journalists were the main targets for the hackers but others are reporting issues worldwide.
@SwiftOnSecurity Not just Journalists. I'm at a 1500 user school district and we're getting hit.
— Joe Kwiatkowski (@joekthecaller) May 3, 2017
One Twitter user posted a video showing what happens when the fake Google Docs link in the email is clicked. The link brings you to a Google sign in page where you’re asked to choose an account to sign into Google Docs with, but the app being accessed by the users profile is a dummy app used to collect personal data. A Reddit post explaining this in detail can be found here.
— Zach Latta (@zachlatta) May 3, 2017
“We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts,” said Google in a statement to Motherboard. “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”