Google users around the world began posting message of alarm early Wednesday, as they discovered a widespread new “phishing” scam based around an app that looks like an invitation from Google Docs. The app’s name? Google Docs. Yes, a phishing scam app is called Google Docs, but of course it’s not the actual Google Docs.
The scam begins with an email requesting invasive permissions on behalf of the Google Docs “app”, always seemingly from a trusted contact. This abuse of a person’s trusted contacts essentially automates the “spear” portion of a targeted spear-phishing attack. The app requests permission to:
-Read, send, delete, and manage your email
-Manage your contacts
This fraudulent message has the styling and appearance of a legit email from Google, but the link associated with the app actually sends users to a malicious URL.
The scam has made inordinately large waves online due to its uncommonly sophisticated approach, and the fact that Google accounts are often associated with work, as well as personal use.
The website behind the phishing app is
googledocs.g-docs.win, and the g-docs.win domain was created on April 22 and updated on April 27, according to data on Whois. Registrant information is protected, so there’s no way to see who registered the account.
Online sleuths claim to have identified the “payload,” or the portion of malware code scheme that has its negative effect, and oddly enough some believe it may be designed to do nothing more than replicate.
There are indications that users can key off of to protect themselves, however. Most notably, few (if any!) official Google messages tend to forward on to “firstname.lastname@example.org”.
If you have been a victim of this, it’s possible to edit Google permissions by following this link or heading to myaccount.google.com, and selecting the Connected Apps tab within Security.