Google Docs Phishing Scam


Thejok
Beware of Scam!!! Can you tell which is the correct page?

 

[Two screenshots: a fake Google login page and the real one]

Image on the bottom is the correct page.

A very tricky phishing scam that takes advantage of Google Docs is making its way around the web. And since it uses a google.com URL and even makes use of Google's SSL encryption, it's almost impossible to tell that it's a hack. Your best safeguard, as always, is a little bit of common sense.

This phishing scam starts like many other phishing scams: with an email. The malicious message reportedly arrives with the subject line "Documents" and points to a Google Docs link. Again, it shows up in the address bar as a google.com domain and takes you to a fake log-in page that looks just like the real Google login page. This is how the hackers get you.

"The fake page is actually hosted on Google's servers and is served over SSL, making the page even more convincing," Symantec security expert Nick Johnston explained in a blog post. "The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive's preview feature to get a publicly accessible URL to include in their messages."

Once you log in through the fake page, you'll even be taken to an actual Google Doc. Your credentials will be sent to a PHP script on a compromised server. You may never even know they've been swiped. Unless, of course, you don't fall for the scam in the first place.

To do this, just watch out for two things. One, be careful clicking links in emails. If you receive an email from someone you don't know with a subject line like "Documents," it's probably up to no good. Second, if you show up at the login screen, you should notice that it doesn't recognize you as a Google user (if you are a Google user). That's the fake login page pictured above to the left and a real Google login page to the right. So if it seems strange that you have to log in again, beware.

Source: http://gizmodo.com/beware-of-this-dangerously-convincing-google-docs-phish-1546278702

 

 

Edited by Thejok

Update

 

Good news, security lovers! Google announced that Gmail will be all encrypted all the time. Not only are your messages encrypted between Gmail and your computer, they're now also encrypted as they travel around Google's data centers. Then again always be on your guard to safeguard your own personal interest.

 

 

Source: http://googleblog.blogspot.sg/2014/03/staying-at-forefront-of-email-security.html

Your email is important to you, and making sure it stays safe and always available is important to us. As you go about your day reading, writing and checking messages, there are tons of security measures running behind the scenes to keep your email safe, secure, and there whenever you need it.


Starting today, Gmail will always use an encrypted HTTPS connection when you check or send email. Gmail has supported HTTPS since the day it launched, and in 2010 we made HTTPS the default. Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail’s servers—no matter if you're using public WiFi or logging in from your computer, phone or tablet.

In addition, every single email message you send or receive—100 percent of them—is encrypted while moving internally. This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centers—something we made a top priority after last summer’s revelations.

Update

Good news, security lovers! Google announced that Gmail will be all encrypted all the time. Not only are your messages encrypted between Gmail and your computer, they're now also encrypted as they travel around Google's data centers. Then again always be on your guard to safeguard your own personal interest.

Wonderful news! Now only Google themselves can sell me out to the NSA.


 

Don't click that Google Docs link! Gmail hijack mail spreads like wildfire
Rogue app grabs contacts, peeks at inbox, spams everyone
3 May 2017 at 20:40, Iain Thomson
 
Final update If you get an email today sharing a Google Docs file with you, don't click it – you may accidentally hand over your Gmail inbox and your contacts to a mystery attacker.
 
The phishing campaign really kicked off in a big way on Wednesday morning, US West Coast time. The malicious email contains what appears to be a link to a Google Doc file. This leads to a legit Google.com page asking you to authorize "Google Docs" to access to your Gmail account.
 
Except it's not actually the official Google Docs requesting access: it's a rogue web app with the same name that, if given the green light by unsuspecting marks, then ransacks contact lists and sends out more spam. It also gains control over the webmail account, including the ability to read victims' messages and send new ones on their behalf.
 
Apparently no one at Google thought to block someone calling their app Google Docs.
 
If the permissions are granted, the software will immediately spam out the same message to all the people on your contacts list, bypassing two-factor authentication if you have that set up on your account. Here at Vulture West we've been getting bombarded with these emails, including some from journalists at other publications.
 
"There's a very clever phishing scam going around at the moment – originally thought to be targeting journalists given the sheer number of them mentioning it on their Twitter feeds, it's also been slinging its way across unrelated mailboxes – from orgs to schools / campuses," explained Christopher Boyd, malware intelligence analyst at Malwarebytes, today.
 
"This doesn't mean it didn't begin with a popped journo mailbox and spread its way out from there, or that someone didn't intentionally send it to a number of journalists of course – but either way, this one has gone viral and not in a 'look at the cute cat pic' fashion."
 
The emails do have some distinguishing characteristics. They are all addressed to the same [email protected] address, with the victims BCC'd, and sent from the last person to accidentally authorize the malicious app.
 
If you have fallen prey to the attack, there are steps that can be taken to ameliorate the situation. Simply go into your Google account permissions page and remove all the access privileges for the evil Google Docs account.
 
Google hasn't released an official statement, however its Project Zero wunderkind Tavis Ormandy has confirmed that the security team is on the case. Gmail has also said it is aware of the issue.
 
It doesn't appear at this point that there's a malware payload included with the messages, but it's very early days yet. What is clear is that these messages are spreading like wildfire and the attackers are going to be harvesting email lists for future attacks – so let's be careful out there.
 
For what it's worth, the servers hosting the malicious app appear to be down at time of writing. Reg hacks who received the messages had to fish the phishes out of their spam folders. ®
 
Updated to add
 
Google has now issued a statement on the attack, saying it has locked down its systems to prevent any further spread of the emails.
 
"We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts," said a spokesperson in an email.
 
"We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail."
 
Cooper Quintin, staff technologist at the EFF, told The Register that he has now collected over 400 samples of the emails and they don't appear to be carrying a malware payload. The attack bears some similarities to a nation-state attack earlier this year but he said that, in his opinion, this case was too noisy to be state actors.
 
"Nation state attacks prefer to stay under the radar," he explained. "It was a hell of an attack, but may have been too successful for its own good."
 
In the best case scenario the attackers would just have gained a shed-load of valid email addresses and a good idea of who is likely to click on such links. But, Cooper pointed out, the attacker would also have been able to scan emails for useful snippets of data for other attacks.
 
Final update
 
A Google spokesperson has got back to us with some more info:
 
We realize people are concerned about their Google accounts, and we're now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1% of Gmail users.
 
We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.
 
So, based on that statement, and given that more than a billion people use Gmail now, potentially more than a million Gmail users had their contact lists ransacked today.
 
Sleep tight.

 

 

 

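Both lures described in this thread leave signals a mail filter can check. The 2014 one (first post) links to a Drive file preview URL, which is how the fake login page ended up hosted on Google's own servers, arrives from a sender the victim doesn't know, and carries the generic subject "Documents". The 2017 one (The Register article above) is a "shared a document" notice whose real recipients are BCC'd rather than named in To/Cc, and whose link is an OAuth consent request for an app that wants full mailbox and contacts access. The Python below is an added triage example, not code from the thread or from any of the quoted articles. The sample messages, addresses, file ids and the collector mailbox are constructed placeholders, and the two scope strings are the standard Google scopes for full Gmail access and the legacy Contacts feed.

```python
"""Triage heuristics for the two Google Docs phishing waves discussed in the thread.

Added example; sample messages and addresses below are constructed, not real captures.
"""
import re
from email import message_from_string
from email.utils import getaddresses
from urllib.parse import parse_qs, urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Google OAuth scopes that hand a third-party app the whole mailbox / address book.
SENSITIVE_SCOPES = {
    "https://mail.google.com/",          # full Gmail read and send
    "https://www.google.com/m8/feeds/",  # legacy Contacts API (read contacts)
}

# Constructed samples. PLACEHOLDER_* values stand in for ids the articles do not give.
SAMPLES = {
    "drive_preview_2014": (
        "From: unknown.sender@example.net\n"
        "To: victim@example.com\n"
        "Subject: Documents\n\n"
        "Please review: https://docs.google.com/file/d/PLACEHOLDER_FILE_ID/preview\n"
    ),
    "oauth_app_2017": (
        "From: last.victim@example.org\n"
        "To: PLACEHOLDER-collector@example.com\n"   # victims are BCC'd, so not visible
        "Subject: last.victim has shared a document on Google Docs with you\n\n"
        "Open in Docs: https://accounts.google.com/o/oauth2/auth"
        "?client_id=PLACEHOLDER_CLIENT_ID"
        "&redirect_uri=https%3A%2F%2Fexample.invalid%2Fcb"
        "&scope=https%3A%2F%2Fmail.google.com%2F%20https%3A%2F%2Fwww.google.com%2Fm8%2Ffeeds%2F"
        "&response_type=code\n"
    ),
    "benign_share": (
        "From: colleague@example.com\n"
        "To: victim@example.com\n"
        "Subject: Q3 budget (shared)\n\n"
        "https://docs.google.com/document/d/PLACEHOLDER_DOC_ID/edit\n"
    ),
}


def message_text(msg):
    """Concatenate the text/plain parts of a parsed message."""
    return "\n".join(
        part.get_payload()
        for part in msg.walk()
        if not part.is_multipart() and part.get_content_type() == "text/plain"
    )


def is_drive_preview_link(link):
    """Drive 'preview' URLs render an uploaded file under docs/drive.google.com,
    which is how a fake login form can be served from a google.com host."""
    u = urlparse(link)
    return (u.hostname in ("docs.google.com", "drive.google.com")
            and u.path.rstrip("/").endswith("/preview"))


def oauth_scopes(link):
    """Return the scopes requested by a Google OAuth consent URL, or an empty set."""
    u = urlparse(link)
    if u.hostname == "accounts.google.com" and u.path.startswith("/o/oauth2"):
        return set(parse_qs(u.query).get("scope", [""])[0].split())
    return set()


def triage(raw, mailbox, known_contacts):
    """Return a list of finding tags for one raw RFC 822 message.

    mailbox: the address of the inbox being protected.
    known_contacts: lower-cased addresses the user actually corresponds with.
    """
    msg = message_from_string(raw)
    senders = {addr.lower() for _, addr in getaddresses(msg.get_all("From", []))}
    visible = {addr.lower() for _, addr in
               getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    subject = msg.get("Subject", "")
    links = URL_RE.findall(message_text(msg))
    findings = []

    # 2014 wave: preview-hosted page, unknown sender, generic "Documents" subject.
    if (any(is_drive_preview_link(l) for l in links)
            and not (senders & known_contacts)
            and subject.strip().lower() == "documents"):
        findings.append("drive-preview-credential-lure")

    # 2017 wave: the "document" link is really a consent screen for mailbox access.
    if any(SENSITIVE_SCOPES & oauth_scopes(l) for l in links):
        findings.append("oauth-consent-requests-mailbox-access")

    # 2017 wave: share notice where this inbox is BCC'd rather than addressed.
    if "google docs" in subject.lower() and mailbox.lower() not in visible:
        findings.append("share-notice-with-recipient-bcc")

    return findings


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw, "victim@example.com", {"colleague@example.com"}))
```

Each tag is meant as one input to a scoring rule rather than a verdict on its own: a genuine share notice can be BCC'd, and a legitimate app can ask for mail scopes, but a share notice that is BCC'd and whose only link is a consent screen for full mailbox access is the 2017 pattern almost exactly, while a Drive preview link from a stranger with a bare "Documents" subject is the 2014 one.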
