Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: info@c2techs.net

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Encryption
    • Backups
  • ABOUT
    • Privacy Policy
FREECONSULT
Monday, 08 May 2017 / Published in Woo on Tech

Google Docs spoof snares up to 1M victims

Last week, reports started surfacing about an unusual phishing attack that was spreading via Google docs. It was unusual in that it was spreading via a previously undiscovered weakness in Google’s typically tight security, as well as not seeming to have the expected signatures of a traditional phishing attack, eg. stealing your logins and passwords. In this particular case, the malware’s primary objective seems to have been to spread by stealing and using your Google contacts to propagate. It was also deceptively benign looking, as it used Google’s own authentication interface and a fake app named “Google Docs” to trick victims into allowing the privileged access.

What this means for you:

According to Google, less than 0.1% of its user base was affected by this scam, but when you do the math, that may equal as many as one million Gmail users. This particular attack spread quickly, primarily because it came from a known contact, and utilized a legitimate authentication process to grant access to a fake app. Thankfully, Google was able to close up the vulnerability within an hour of discovery, preventing what might have been a much larger calamity.

Coincidentally, a similar phishing attack actually hit one of our clients that same week. This attack, while not nearly as clever as the above, still used authentic-looking text and images to trick my client into giving up a password. It was convincing enough that it didn’t occur to him that it was an actual scam until he contacted the sender a few days later and found out, to his chagrin, that it wasn’t a legitimate request.

Simplifying the exchange of information is actually one of the greatest benefits that the internet has wrought, but as can been seen, the process has become so commonplace and taken for granted, that when trusted systems are undermined, humans are easily fooled. Unfortunately, the only way to combat this weakness is for us to be ever vigilant and distrustful, which is doubly hard when we see a known contact’s name at the bottom of a fake invitation. The hackers only have to get us to let down our guard once and they will be on us like piranha. Always stop and think before granting access to anything, especially if its the keys to your email kingdom.

  • Tweet

What you can read next

A shrinking bubble of protection
Today’s Antivirus Software is already outgunned
Google Glass Logo
No Facial Recognition in Google Glass…for Now
Facebook – Too little, too late?

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • Update your tech vocabulary for 2023

    If there is one thing that the Internet excels ...
  • We sold our souls, but not how you might think.

    Part of an occasional series of articles that d...
  • “Low on Cyan.”*

    If you catch me at the end of a frustrating day...
  • GPTBot starts crawling the web. Resistance is futile.

    I know some of you are Trekkies, and even if yo...
  • Surprise, surprise. Hackers are using AI to bolster their attacks.

    The FBI held a press conference last week to co...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP