Beware of Google Docs invites; it could be a phishing scam
The latest danger on the Internet comes from an innovative phishing scheme that uses Google Docs as a lure. According to the most recent reports, Google has managed to solve the situation, but you should still be on guard until things quiet down a bit and stay away from invites and pop-ups related to Google Docs. Fortunately, I wasn't targeted by this scam, but I might have very well fallen prey to it as it's almost impossible to detect. Here's how it works:
First, the victims receive an invitation to a view a Google Documents, which looks very legit and comes from one of their contacts. Once you accept the invite, you are taken to a Google-like page showing all accounts used on the device and asking you to select the one that you want to use. Next, in a pop-up that perfectly mimics the ones from Google, you will read that Google Docs would like to manage your Gmail Account and contacts. The link from the Allow button is still a Google page, but if you click it, you've fallen victim to the scam.
Google Docs phishing scheme
As I said, Google reacted promptly and it completely stopped this attack, but the fact that the hackers could use Google Docs as the name of a fake app is a big oversight. In case you're a victim, go to your account permissions and if you see Google Docs on that list, disable it, then change your password(s). This is the second phishing scheme to attack Google's services in the last month, but the level of sophistication in this recent one was completely off the charts.
Comments