Sophisticated Google Docs phishing scam goes viral

Sophisticated Google Docs phishing scam goes viral

OAuth abuse looks convincing, but is a user registered with a fake account

You just can't trust anyone these days, not even an official looking notification hosted on Google's own domains: A recent attack used a legitimate looking OAth request to get folks to hand over the keys to their email castle.

The invitiation came disguised as a shared Google Doc invitation:

Unwary recipients were then taken to a page asking them to authorize their account with "Google Docs," which seems odd but no different than a variety of other services ask for on the web. Clicking OK then granted the attacker access to the user's GMail account, letting the attack further propagate. Someone else had registered an application with the Google Drive username, which is why the attack was able to take place on Google own servers.

Fortunately, it looks like the mischievous account has since been suspended, but not before a number of users were already caught up in the attack:

More details on SANS' blog.

 

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish