A Google Docs phishing attack, that paraded as a genuine link to a shared document, caused widespread panic on the internet Wednesday.
On the same day that Facebook’s WhatsApp was down for the count, some Google users (Fortune’s Jeff John Roberts suggests that the scam was targeted at journalists) received an email with a seemingly normal Google Docs link.
No ad to show here.
Closer inspection revealed a few oddities.
The sender of the mail is the rather hilarious “firstname.lastname@example.org” but the consequences of clicking the mail aren’t.
Taking unsuspecting users to a faux OAUTH authentication page, suggesting that Google Docs requires authorisation to open the document. The scam then baits people into sharing their account credentials with the scammer. How exactly? Users unsuspectingly authorise the fake Google Docs account to gain full access to use your Google data.
It’s a pretty smart scam too. A GIF posted to Twitter by hacker Zach Lattav (spotted by Fortune) details what happens after you click the link.
Pretty innocuous, right?
— Zach Latta (@zachlatta) May 3, 2017
Google has since quelled the scam’s flame, updating users on Wednesday at around 9.30pm SAST on the Google G Suite service log that “the problem” should be remedied.
Google Docs was used in a phishing scam that swept through inboxes across the world Wednesday
“We apologise for the inconvenience and thank you for your patience and continued support. Please rest assured that system reliability is a top priority at Google, and we are making continuous improvements to make our systems better,” it wrote.
Google also took to Twitter.
— Google Docs (@googledocs) May 3, 2017
There’s been no word on who was responsible for the scam, nor has Google indicated just how many users might’ve been affected, but for those affected by it are probably more concerned about their security.
To check if you’ve been affected, head on over to Google’s permissions page (you’ll need to be logged in). If “Google Docs” appears on this list, remove it.
While you’re at it, you should probably think about changing your password and enabling two-factor authentication too.