Google has released an official statement regarding the widespread phishing campaign that used a fake Google Docs app. In the statement, posted on the Google Docs Twitter account, the search giant said it had taken action to stop the phishing email, which involved disabling the offending accounts, likely those behind the phishing email, and improving users’ protection against the email impersonating Google Docs. In addition, the search giant said that it had removed fake pages, pushed updates to Google’s Safe Browsing, and alerted its security team to possible similar attacks. Google also encourages its users to report any phishing email attempts in the future.
The statement was released after a phishing email impersonating Google Docs became widespread. The search giant moved swiftly to put an end to the phishing attempt before it could spread to more people. The attack started with users receiving an email stating that somebody in their contacts had shared a document with them. The email contained a link to the fake Google Docs app, which looked very similar to an ordinary Google Docs link. Once users clicked the link, they were taken to a login page asking them to give the fake Google Docs app access to their email information. If a user granted the fake app access to certain email information, it sent the same email, containing the link to the fake Google Docs app, to the email addresses stored in the affected user’s contacts.
This is not the first time that a phishing attempt has been able to circumvent the otherwise very secure 2-step authentication used by Google and other websites. According to a report released by Trend Micro, a group of Russian hackers known as Fancy Bear gained access to the sensitive email information of certain high-profile individuals by tricking them into giving fake apps like “Google Defender” access to their email accounts. This time, the phishing attempt was more widespread and harder to identify as a scam, since the email containing the link to the fake app was sent by people in the recipients’ contacts. In the case of any similar phishing attempts in the future, users are advised to take extra caution with the links included in their emails and to ensure that the apps requesting access, especially those named after Google services, are not fake.
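One way to apply that last check to the apps already granted access to an account, as an added example that is not from the original article or from Google. The grant records, client IDs and the verified-client allowlist are constructed placeholders, and the choice of which scopes count as mail or contact access is an assumption.

```python
import unicodedata

# Assumption: OAuth scopes treated here as mail or contact access.
SENSITIVE_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/contacts",
}
# Placeholder allowlist: client IDs you have verified as genuinely first-party.
VERIFIED_CLIENT_IDS = {"VERIFIED-FIRST-PARTY-CLIENT-ID"}
BRAND_WORDS = ("google", "gmail")


def normalise(name):
    """Fold case, compatibility forms and spacing so look-alike names compare equal."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())


def review_grant(grant):
    """Return the reasons a third-party app grant deserves review (empty = none)."""
    reasons = []
    branded = any(word in normalise(grant["app_name"]) for word in BRAND_WORDS)
    verified = grant["client_id"] in VERIFIED_CLIENT_IDS
    sensitive = sorted(SENSITIVE_SCOPES & set(grant["scopes"]))
    if branded and not verified:
        reasons.append("name uses a Google brand but client is not verified")
    if sensitive and not verified:
        reasons.append("unverified client holds mail/contact scopes: " + ", ".join(sensitive))
    return reasons


def suspicious_grants(grants):
    """Map app name -> reasons, for grants with at least one reason."""
    return {g["app_name"]: r for g in grants if (r := review_grant(g))}


# Constructed sample grants; none of these identifiers come from the article.
SAMPLE_GRANTS = [
    {"app_name": "Google Docs", "client_id": "VERIFIED-FIRST-PARTY-CLIENT-ID",
     "scopes": ["https://www.googleapis.com/auth/contacts"]},
    # Full-width "G" and a double space: visually close to the real name.
    {"app_name": "\uff27oogle  Docs", "client_id": "example-unknown-client-1",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
    {"app_name": "Notes Sync", "client_id": "example-unknown-client-2",
     "scopes": ["https://www.googleapis.com/auth/drive.file"]},
]

if __name__ == "__main__":
    for app, reasons in suspicious_grants(SAMPLE_GRANTS).items():
        print(app, "->", "; ".join(reasons))
```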