Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: [email protected]

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Encryption
    • Backups
  • ABOUT
    • SMS Opt-In Form
    • Terms and Conditions
    • Privacy Policy
FREECONSULT
Monday, 08 May 2017 / Published in Woo on Tech

Google Docs spoof snares up to 1M victims

Last week, reports started surfacing about an unusual phishing attack that was spreading via Google docs. It was unusual in that it was spreading via a previously undiscovered weakness in Google’s typically tight security, as well as not seeming to have the expected signatures of a traditional phishing attack, eg. stealing your logins and passwords. In this particular case, the malware’s primary objective seems to have been to spread by stealing and using your Google contacts to propagate. It was also deceptively benign looking, as it used Google’s own authentication interface and a fake app named “Google Docs” to trick victims into allowing the privileged access.

What this means for you:

According to Google, less than 0.1% of its user base was affected by this scam, but when you do the math, that may equal as many as one million Gmail users. This particular attack spread quickly, primarily because it came from a known contact, and utilized a legitimate authentication process to grant access to a fake app. Thankfully, Google was able to close up the vulnerability within an hour of discovery, preventing what might have been a much larger calamity.

Coincidentally, a similar phishing attack actually hit one of our clients that same week. This attack, while not nearly as clever as the above, still used authentic-looking text and images to trick my client into giving up a password. It was convincing enough that it didn’t occur to him that it was an actual scam until he contacted the sender a few days later and found out, to his chagrin, that it wasn’t a legitimate request.

Simplifying the exchange of information is actually one of the greatest benefits that the internet has wrought, but as can been seen, the process has become so commonplace and taken for granted, that when trusted systems are undermined, humans are easily fooled. Unfortunately, the only way to combat this weakness is for us to be ever vigilant and distrustful, which is doubly hard when we see a known contact’s name at the bottom of a fake invitation. The hackers only have to get us to let down our guard once and they will be on us like piranha. Always stop and think before granting access to anything, especially if its the keys to your email kingdom.

  • Tweet

What you can read next

A win for the good guys
Things you should know as a WFH Pro
Password Managers targeted
Trojans targeting Password Managers

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • mid year check-in

    Mid-Year IT Health Check: 10 Things Professional Services Firms Should Review Now

    Most firms set their technology priorities in J...
  • Cloud Migration for Professional Services: When It Makes Sense

    Cloud Migration for Professional Services: When It Makes Sense (And When It Doesn’t)

    Every vendor in the technology industry will te...
  • mid age man working on laptop while floating in the sea summer vacation

    Summer Vacation Security Checklist for Professional Services Firms

    Summer is the one time of year when professiona...
  • The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    I have had this conversation more times than I ...
  • Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote work is no longer a temporary arrangemen...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP