Learning From The Massive Google Docs Phishing Attack

Phishing attacks happen all the time, but usually on a small scale. A recent Internet Security report shows a 55 percent increase in phishing campaigns that targeted employees at businesses of all sizes.

Articles published June 5, 2017 by Bob Bally

Recently, a sophisticated and very convincing phishing attack invaded the inboxes of millions of Gmail users, posing as an email from a trusted source, enticing people to open a Google Doc. Once the user clicked on it, they were asked to give permission to the fake Google Docs app (entitled GDocs). These permissions included reading, sending, deleting, and managing the users’ email account.

This attack spread quickly, as person after person clicked through and gave permission to the fake app. However, Google also acted swiftly, and shut down the attack within an hour. Google later reported that 0.1 percent of Gmail users were affected, which doesn’t seem like a lot, but given Google’s amount of users, Forbes estimates that around one million people fell for the scam.

Google reported that no email content was actually accessed, only users’ contacts: “While contact information was accessed and used by the campaign, our investigations show that no other data was exposed.”

Phishing attacks like this happen all the time, but usually on a smaller scale. A recent Internet Security report shows a 55 percent increase in phishing campaigns that targeted employees at businesses of all sizes. After the Google attack, there’s no question that everyone is at risk these days. As a result, it’s becoming increasingly important to know how to identify a fake email without falling prey to its bait.

Phishing Indicators

Previously, we wrote about several ways to spot a phishing email.

Most of the time, phishing emails are quite sophisticated and look very authentic and legitimate. Here are eight examples of things to look for:

1. A sense of urgency: “Hurry,” “ASAP,” “need this done by…”
2. A threat: “We will suspend your account.”
3. Directions to do something: “Validate,” “‘verify,” “confirm,” “update.”
4. Requests for personal information: SSN, address, account information.
5. Unknown web addresses: These may be doctored to look legitimate.
6. Fake/poor quality images.
7. Poor spelling/grammar.
8. Improbable scenarios.

Best Practices

The next time you get a suspicious-looking email, follow these best practices:

• Ask yourself: Was the email expected? Do I know the sender? Is the request in the email normal?
• Hover your cursor over the link…Is it legitimate? Look at it closely!
• If the email is from someone claiming to be a person you know, call that person to verify if they sent the email.

The Main Indicator That it was a Scam

Even though the Google attack was sophisticated and very convincing, there was a key indicator that it was a scam: the emails were addressed to hhhhhhhhhhhhhhhh @ mailinator.com. Phishing emails usually have something spelled wrong or seem “phishy,” and usually target large volumes of people. You may have also heard of a newer, more precise, method of targeting, called spear phishing. Like phishing emails, spear phishing attacks pretend to be a trusted source. While phishing emails target many people, spear phishing attacks usually target only a few, specific people that have been researched beforehand. Spear phishing attacks are much more successful because the perpetrators have done the research and customized the email, and can be harder to identify as a fake.

This phishing attack proves that organizations (and everyone in general) need to be more conscious of the emails they receive, and aware of what a phishing email looks like. It’s critical to continuously educate and train your employees on ways to identify and avoid these scams. We recommend sending information and tips regularly to all staff to keep this information top of mind and reduce your risk of getting infected.

Can your organization do more to educate your employees about phishing attacks?