Google Docs Phishing Scam Stopped, But Don’t Let Your Guard Down Yet
A couple days ago, some Google users reported an advanced phishing scam involving Google Docs. The scam starts by sharing a Google Doc with a Gmail users, which then took users to a real Google Doc page to select their account. From there, it took users to a fishy page that requested access to a user’s account. It wouldn’t be that hard to approve that page without a second thought accidently. Google often has apps, and their products ask access to users information including account data, contacts, and other valuable information. While Google users can revoke access to the phishing account, someone could have pulled all the data they wanted.
The phishing scam first was outlined on Reddit, with a full write up. While most phishing scams are easy to spot, this one fooled many veteran internet users. It used Google’s official pages and didn’t direct of the site, which many other scams often do. This one scam was one of the more advance one’s we’ve seen to recent date.
Google Docs Phishing scam is fixed but don’t let your guard down
Google has “fixed” the phishing scam. The problem with the fix is there is no good fix. Google disabled the Google Docs account and prevent that user from creating any more trouble, at least for now. In a statement, Google said that they’ve pushed updates through Safe Browsing, removed the fake pages, and their abuse team is tasked with preventing this spoofing from happening. Anyone who receives the phishing emails should report them to Gooogle.
Google stopped on account from using Google’s own permission to compromise users accounts. The problem is more scammers will likely start using the same method to try and steal valuable information. Users can only prevent being undermined by watching who they give permission to. Don’t open random emails, and don’t give permission to anyone who you don’t trust. It’s hard to tell at times what is a scam and what to trust, so use your best judgment.
Tell us your thoughts! Were you affected by the phishing scam or did you spot the problem from the start?