Google Docs Phishing Attack

This is a notice to inform you of a potential security threat of an ongoing phishing scam that targets users by disguising itself as a Google Docs sharing request. Please be aware of security threats during day-to day email tasks; do not open a document from someone that you aren’t expecting, or can’t verify the origin of. Please take a moment to familiarize yourself with the Google Docs Phishing attack.

The malicious email was easily identified as addressed to hhhhhhhhhhhhhhhh<at>mailinator.com

This specific attack performed the following:

·         Uses the existing Google login system
·         Uses the name “Google Docs”
·         Is only detectable as fake if you happen to click “Google Docs” whilst granting permission
·         Replicates itself by sending itself to all your contacts
·         Bypasses any 2-factor authentication / login alerts
·         Will send scam/phishing emails to everyone in your contacts

While Google has already acted to prevent further spread, individual users who clicked the link may still be at risk.  Especially those users who have Google accounts.

Google is strongly recommending impacted users perform a SecurityCheckup to make sure that no malicious applications have access to their individual account.  This link will direct a logged in Google user to the Security Checkup page:  https://myaccount.google.com/secureaccount