Heads Up: Massive Google Doc Phishing Scam Has Hit the Scene and is Spreading Fast
Practically everyone uses Google Docs—you can collaborate with coworkers and friends, sharing any information you want to in real-time. Now, a new cyberattack has emerged in which a Google Doc phishing link is sent to a victim, hoping they click it and infect themselves with malware. But here’s the catch—this nasty malware manages to mask itself as sender who is a familiar face to the victim. And unfortunately, is pretty convincing.
Primarily aimed at journalists, this phishing scam has hit Gmail inboxes everywhere today. And it looks exactly like an email from a friend would. Here’s a screenshot of what the message looks like in a victim’s inbox, as provided by Fortune:
So, what happens if you click on the malicious link in your inbox? First, you arrive at a login screen that looks almost identical to the same screen you’d see if someone actually invited you to a Google Doc. It lists all of your Google Accounts, and it even reflects Google’s recent redesign. What’s worse—the page manages to resemble a very realistic Google.com URL and clicking on the link appears to confirm the page’s legitimacy.
Then, that page invites you to choose which account you’d like to use to view the Google Doc, and you’re taken to a page that invites you to grant access to your Google Account. Basically, you’ve just given the cybercriminal launching the attack gains access into your entire Gmail account.
So, what happens if you’re sent a questionable link from a “friend” today? Here’s the good news—this phishing email has been consistently addressed to “hhhhhhhhhhhhhh,” so clearly you can identify the attack that way. And if you do in fact become a recipient of this scam, avoid clicking the link at all costs. In fact, just delete the email entirely. Also, make sure to report the scam to Google as they’ve requested (see below).
As of now, the cybercriminal responsible for this widespread phishing scam has yet to be identified, but white hats are on the case.
The post Heads Up: Massive Google Doc Phishing Scam Has Hit the Scene and is Spreading Fast appeared first on McAfee Blogs.