Google fans are being warned about a shocking new tactic employed by cyber thieves to steal your personal data including your password. The new attack is most likely to impact those who rely on Google Docs as scam emails are being pushed out with fake links to documents in an attempt to trick unsuspecting users into handing over their login details.
The threat, which could have devastating consequences for those who rely on a Google email address to reset passwords for other online accounts – like Amazon, PayPal or online banking – was spotted by the team at Avanan. The attack is pretty simple but hugely effective.
It starts with an email landing in your inbox with a link to a Google Doc. Once clicked, a word document appears in an official-looking Google Docs window. You’re then asked to download the document to view offline, with that link taking you to a Google account login window.
Of course, Google Docs never requires users to download the file before they can view it – and you’re unlikely to need to log in again if you were using Gmail a few seconds earlier when you clicked the link. No, this is a clever ploy to trick people into inputting their email-password combination into a fraudulent login screen – handing the details directly to the hackers.
Avanan says that hackers are bypassing static link scanners by hosting their attacks in publicly known services. The security team says it has seen this in the past with small services like MailGun, FlipSnack, and Movable Ink, but this is the first time it has seen it through a major service like Google Drive/Docs.
Avanan analysts also spotted this same attack method used to spoof a DocuSign phishing email. If you aren’t sure where an email has come from then experts advise never to click on links or download documents as they could contain malware.
It’s well worth changing the password linked to your Google account, especially if you think you’ve clicked on one of these fake Google Doc links.
Speaking about the attack, Hank Schless, Senior Manager, Security Solutions at Lookout, said: “This incident shows how simple it is to build a convincing phishing page. You don’t have to be an experienced software engineer to carry this out. Combining this tactic with social engineering could create a very convincing campaign where the attacker is able to swipe personal or corporate login credentials.
“Threat actors know that stealing legitimate login credentials is the best way to discreetly enter an organization’s infrastructure. Since most organizations use either Google Workspace or Microsoft 365 as their main productivity platform, attackers build phishing campaigns that specifically exploit those services. Once the attacker has those login credentials and can log into the cloud platform they’ve chosen to build their campaign around, there’s no limit to what data they could exfiltrate.”
This isn’t the first time scammers have used Google Docs to try and steal data. Back in 2017 Google warned users about a dangerous phishing attack that provided hackers with access to the entire contents of their Google accounts, including email, contacts and online documents.
Published at Sun, 20 Jun 2021 07:31:00 +0000