I was one of the millions to receive an email for a sophisticated Google docs scam that’s going around. Fortunately, I didn’t click on it, since I wasn’t expecting any documents.  This malware was able to infiltrate the contacts list of the people who fell for it, sending out mail to their contacts that appeared to be from someone they knew.

The message looks innocent enough. The message uses the name of one of your contacts and says that person wants to share a file from Google Docs.

https://i2.wp.com/imgsrv.worldstart.com/images/ct-images/2017/05/google-phish.jpg?w=616

Now, most phishing scams count on you entering a password or account information, but this one is so tricky, you don’t have to give it any information.

In this case, crooks created a fake app that looks like Google Docs and tricks you into authorizing access.

It used an OAuth attack, which means it took advantage of open authorization. Open authorization lets communicate to each other enabling things like having a voice assistant put events on your calendar. Currently, nearly 300,000 apps have that function.  Because of this simply changing a password or even having two-factor authentication won’t help – because it didn’t ask for a password. The only way to get around it is to go to Google Account Permissions.

Look for an app called Google Docs and Remove Permissions.

https://i1.wp.com/imgsrv.worldstart.com/images/ct-images/2017/05/connected-apps.jpg?w=616

Google says they’ve closed the account behind the app and removed the app. But those crooks still have their hands on the information they got from the folks who fell for this scam. And this certainly won’t be the last time crooks try this method of attack, considering how well it worked.

Remember, don’t just click on things without thinking – even if it’s from a contact. Check to make sure they actually sent you something.

~ Cynthia