geekhack

geekhack Community => Other Geeky Stuff => Topic started by: Leslieann on Wed, 03 May 2017, 19:41:22

Title: Massive attack underway using google docs
Post by: Leslieann on Wed, 03 May 2017, 19:41:22
This is hitting news sites quickly, because it's spreading like wildfire (one of my suppliers got hit by it) and many news sites have it wrong.
This is a new form of attack; anti-virus will not help and your operating system doesn't matter.

What it is, how it hits:
This attack is being carried out by email. It comes from someone who has you in their list of contacts and claims to be a shared Google document. It is not a shared document; it is an app trying to gain access to your docs.

What it does:
Clicking the link takes you to an actual Google page; the link is legit. The problem is, it is not taking you to a Google Document file shared with you. It takes you to the page that authorizes a program or person to access your Gmail, Docs, Drive and contacts, and asks for access. If you click without thinking, it grants them access to everything.


Note that:
A. It won't be flagged as fake because it takes you to your actual Google account. This is how shared documents work; they simply reversed it.
B. The attack CANNOT be carried out without you authorizing it.

How to protect yourself:
If you happened to click the link in the email, but did not click authorize, you are safe, but following the steps below will let you verify that and see what else has access to your documents.

How to fix it if you got hit or just want to verify you are safe:
If you did click the link, and clicked authorize, go into Gmail, then My Account (it's in the 9 dots on top left), then under "Sign In and Security", click "connected apps and sites", then "Manage Apps". In this you will find a list of things authorized to access your Google files, and it should be in the order they were authorized, so the last one is most likely the one you need to kill and it should be labeled "Google Docs".
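
The distinction drawn in the post above, between a link that opens a shared document and a link that opens Google's authorization page for an app, can be checked from the URL alone. The following Python is an added example, not part of the original thread; the sample links, client ID and `example.invalid` redirect host are constructed placeholders, and the consent-page path prefix is an assumption noted in the code.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: Google's OAuth 2.0 consent page is served from accounts.google.com
# under /o/oauth2/, while an actual shared document is served from docs.google.com.
OAUTH_HOST = "accounts.google.com"
OAUTH_PATH_PREFIX = "/o/oauth2/"


def is_google_host(host):
    return host == "google.com" or host.endswith(".google.com")


def classify_link(url):
    """Say what a 'shared document' link really opens, judged by the URL alone."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host == "docs.google.com":
        return {"kind": "document"}
    if host != OAUTH_HOST or not parts.path.startswith(OAUTH_PATH_PREFIX):
        return {"kind": "other", "host": host}
    query = parse_qs(parts.query)
    redirect = query.get("redirect_uri", [""])[0]
    redirect_host = (urlsplit(redirect).hostname or "").lower()
    return {
        "kind": "oauth_consent",
        "client_id": query.get("client_id", [""])[0],
        # Scopes are space-separated; each one is a permission being requested.
        "scopes": query.get("scope", [""])[0].split(),
        # The grant is handed to this host, which need not belong to Google.
        "redirect_host": redirect_host,
        "third_party": not is_google_host(redirect_host),
    }


# Constructed sample links (placeholders, not taken from the real campaign).
SAMPLE_CONSENT = "https://accounts.google.com/o/oauth2/auth?" + urlencode({
    "client_id": "PLACEHOLDER-CLIENT-ID.apps.googleusercontent.com",
    "scope": "https://mail.google.com/ https://www.googleapis.com/auth/contacts",
    "redirect_uri": "https://docs-share.example.invalid/callback",
    "response_type": "code",
})
SAMPLE_DOC = "https://docs.google.com/document/d/PLACEHOLDER-DOC-ID/edit"

if __name__ == "__main__":
    for link in (SAMPLE_CONSENT, SAMPLE_DOC):
        print(classify_link(link))
```

Both sample links sit on a genuine Google hostname, which is why checking only the domain does not separate them; the path, the requested scopes and the redirect host do.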
Title: Re: Massive attack underway using google docs
Post by: hkf on Wed, 03 May 2017, 19:42:55
It's dead fixed Jim.

https://www.reddit.com/r/google/comments/692cr4/new_google_docs_phishing_scam_almost_undetectable/dh36pv2/

Title: Re: Massive attack underway using google docs
Post by: Leslieann on Wed, 03 May 2017, 21:02:17
Until the next one...

Still good idea to check what has access..
Title: Re: Massive attack underway using google docs
Post by: rowdy on Wed, 03 May 2017, 22:05:39
Thanks for posting this.

I'd kinda heard about it here and there, but as we don't use Google Docs I wasn't expecting to (and have not) receive any such email.

Still for those who don't get out much, you can't be warned too much about things like this.
Title: Re: Massive attack underway using google docs
Post by: Joey Quinn on Wed, 03 May 2017, 22:47:20
The scam hit my school, everyone with an MTU email account got a few. I was actually talking to my advisor about it earlier today  :))
Title: Re: Massive attack underway using google docs
Post by: Leslieann on Thu, 04 May 2017, 01:54:07
Normally I wouldn't warn a bunch of geeks, but this was clever and VERY fast moving.

It's been years since we had one move this fast and to be used through a legitimate system was really slick. In a way, I have to admire the person who came up with it.
Title: Re: Massive attack underway using google docs
Post by: SBJ on Thu, 04 May 2017, 02:26:23
Thanks for posting this.
Usually I wouldn't worry too much but we use Google Docs heavily at work so I've been extra careful with all the shared docs lately.
Title: Re: Massive attack underway using google docs
Post by: Sniping on Sun, 07 May 2017, 23:13:04
I saw this spread around really quickly as well. It's kinda unsettling because most people on the forum are well aware of what type of phishing scheme this is, but in the heat of the moment it can be really hard to spot. I fell for a similar thing just last year where I opened an email that prompted for my PayPal info in a similar sneaky manner. Fortunately, I entered the wrong password LOL so I was fine, but it shook me up a little because I was completely unaware of what I was falling for until it was (almost) too late.
Title: Re: Massive attack underway using google docs
Post by: SBJ on Mon, 08 May 2017, 00:48:19
Some of them are painfully obvious and others are really sneaky.
Around tax season here in DK there are usually some phishing emails floating around, my mother almost fell for it once.
Title: Re: Massive attack underway using google docs
Post by: Leslieann on Mon, 08 May 2017, 01:38:29
The thing with this was it was legit, just reversed on you.
So if you were not paying close attention ("why is it asking me permission") and just check the URL and such, it was 100% legitimate.


Really annoying, Google paid a hacker for finding this hole a long time ago and just never fixed it. Now someone uses it, and they fix it in 5 minutes. If it took that little time, why did it take so long to fix and why was it worth a bounty?
Title: Re: Massive attack underway using google docs
Post by: tp4tissue on Mon, 08 May 2017, 08:02:28
Obviously, this was so they can use the hole themselves to target anti-google outlets..