UPDATED 00:40 EDT / MAY 04 2017


Widespread phishing campaign tricks victims with fake Google Docs sharing

A new phishing scheme that initially targeted journalists with fake requests to share a Google Docs document is spreading like wildfire by using emails that appear to be legitimate.

First detailed by a user on Reddit, the phishing scheme sees targeted users being sent an invitation, from someone they may know, to view a Google Docs document. Once the target clicks on the link, a real Google sign-in screen appears that asks them to continue, followed by a request to authorize a legitimate-looking app called “Google Docs.”

That app, however, isn’t a Google app but an app created by the hackers behind the phishing campaigns. Once authorized by the victim, it can obtain access to the victim’s Gmail account.

Once it has access to a Gmail account, the app then uses the address book to propagate itself further, which is why it has been reported to be spreading so rapidly. Access to the Gmail account could also result in hackers gaining access to accounts the victim holds elsewhere. The hackers send a request for a password reset on those sites and then intercept the confirmation emails.

“We realize people are concerned about their Google accounts, and we’re now able to give a fuller explanation after further investigation,” Google Inc. said in a statement. “We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1 percent of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail and other anti-abuse systems.”

Google went on to claim that it stopped the campaign within one hour and that no further action is required by users.

However, Richard Henderson, a global security strategist at Absolute Software Corp., disagreed, telling SiliconANGLE that based on how quickly this spread, and how fast social media erupted, it’s clear the campaign was very successful.

“Right now, though, it’s not clear what the intent of the phishing attacks were … but based on the permissions people gave the attackers, it’s entirely possible this was used to gain access to a large number of people’s data and email,” Henderson added. “Was this a targeted attack in the hopes of compromising journalists and other important targets? It’s possible… but the retro ‘mail bomb’ aspect to it (where it immediately sends a copy to every contact you have) is not something seen all that often anymore – it’s just too noisy for a targeted attack.”

Google advised users who are concerned they may have been targeted by the campaign to visit Google Security Checkup or to log into their accounts and remove permission for any apps they don’t remember authorizing.
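The review of authorized apps that Google recommends can be partly automated. The following is an added example, not code from Google or from the article: it flags grants whose display name imitates a Google product while the client is not first-party, and third-party grants that hold mail or contacts scopes. The grant records, client IDs and allowlist are constructed assumptions; the scope URLs are real Google OAuth scopes.

```python
import unicodedata

# Real Google OAuth scopes covering mail and the address book (the access the article describes).
SENSITIVE_SCOPES = {
    "https://mail.google.com/": "full Gmail access",
    "https://www.googleapis.com/auth/gmail.readonly": "read mail",
    "https://www.googleapis.com/auth/gmail.send": "send mail",
    "https://www.googleapis.com/auth/contacts": "manage contacts",
    "https://www.googleapis.com/auth/contacts.readonly": "read contacts",
}
BRAND_TERMS = ("google", "gmail")
# Assumption: an allowlist of genuine first-party client IDs maintained by the defender.
FIRST_PARTY_CLIENT_IDS = {"constructed-first-party.example"}

# Constructed sample grants (hypothetical record layout, not a real API response).
SAMPLE_GRANTS = [
    {"display_name": "Google Docs", "client_id": "constructed-attacker-app.example",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
    {"display_name": "Google Docs", "client_id": "constructed-first-party.example",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"display_name": "Calendar Helper", "client_id": "constructed-helper.example",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"display_name": "Mail Merge Tool", "client_id": "constructed-mailmerge.example",
     "scopes": ["https://www.googleapis.com/auth/gmail.send"]},
]

def normalize(name):
    """Fold case, full-width forms and invisible characters so lookalike names compare equal."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(ch for ch in folded if ch.isalnum())

def audit_grant(grant):
    """Return the reasons this grant deserves review (empty list if none)."""
    reasons = []
    if grant["client_id"] in FIRST_PARTY_CLIENT_IDS:
        return reasons
    if any(term in normalize(grant["display_name"]) for term in BRAND_TERMS):
        reasons.append("name imitates a Google product but client is not first-party")
    risky = sorted(SENSITIVE_SCOPES[s] for s in grant["scopes"] if s in SENSITIVE_SCOPES)
    if risky:
        reasons.append("third-party app holds: " + ", ".join(risky))
    return reasons

def audit(grants):
    """Return (client_id, reasons) for every grant needing review, most reasons first."""
    flagged = [(g["client_id"], audit_grant(g)) for g in grants]
    return sorted((f for f in flagged if f[1]), key=lambda f: -len(f[1]))

if __name__ == "__main__":
    for client_id, reasons in audit(SAMPLE_GRANTS):
        print(client_id, "->", "; ".join(reasons))
```

The display name alone cannot distinguish the two “Google Docs” entries; only the client ID and the requested scopes do.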
