Google Docs Phishing Exploit: Google docs link in email

AW Admin · May 3, 2017

This is an email that may come from someone you know and trust.

It purports to be sharing a google doc.

What it really does is install an app that then contacts everyone in your Contacts and sends them a link.

See: Google Docs users hit with phishing exploit

ETA: I'd suggest everyone double-check the permissions on their Google account in terms of apps you've given permission to use your account.

Maryn · May 3, 2017

Thank you for sharing the heads-up.

The Kid, who works at a university, tells me that .edu accounts were the first targets but it's spreading very quickly.

MaeZe · May 3, 2017

I don't use Google Docs but I had a suspicious email the other day I accidentally opened. I didn't click on any links within it and closed it right away. It had my neighbor's name and said she was forwarding me something. I forgot, damn it, that I'd had spam mail with her name on it before just like my email address comes to me as spam all the time. It was some junk on a weight loss diet, lots of images.

My question is this, can something like that infect your computer just by opening the email without clicking on anything in it?

AW Admin · May 3, 2017

MaeZe said:
I don't use Google Docs but I had a suspicious email the other day I accidentally opened. I didn't click on any links within it and closed it right away. It had my neighbor's name and said she was forwarding me something. I forgot, damn it, that I'd had spam mail with her name on it before just like my email address comes to me as spam all the time. It was some junk on a weight loss diet, lots of images.

My question is this, can something like that infect your computer just by opening the email without clicking on anything in it?

Some things can, yes, particularly on older versions of Windows running Outlook, but those items generally are caught by standard anti-malware apps.

This particular exploit requires you to actually log in to your Google account, using a standard Google log-in page.

MaeZe · May 3, 2017

Thank you. I have a Mac. I do use G-mail, but this was on my Yahoo mail and I do have anti-malware software but I probably should update a lot of stuff.

Hopefully it will just end up being a reminder for me to look at all email addresses before opening any of them no matter who they are from.

AW Admin · May 3, 2017

MaeZe said:
Thank you. I have a Mac. I do use G-mail, but this was on my Yahoo mail and I do have anti-malware software but I probably should update a lot of stuff.

Hopefully it will just end up being a reminder for me to look at all email addresses before opening any of them no matter who they are from.

There are a number of free anti-malware run-all-the-time-and-lurk-in-the-background apps for Mac OS. Which one is best is a religious issue; just make sure you only install one at a time, and that you keep it updated.

And do get a free copy of malwarebytes for Mac and run it at least once a month.

MaeZe · May 3, 2017

Thanks again. I meant to install that earlier when you suggested it. It is now installed and no malware was found.

I feel better. Had a malware infection on a past computer and it wasn't fun.

I recently watched Zero Days, a documentary about Stuxnet and this came up the other day: Leaked NSA hacking tools are a hit on the dark web. Another forum I post on was hacked the other day and when they said it was a random hacker group I looked into that and found there were a gazillion Anonymous-like groups now, quite popular. Then there was the NetFlix extortion and a while back the hospital records extortion..... sigh

We're all doomed.

Denevius · May 3, 2017

I just got one several hours ago. It had no message in it, though, besides the doc, which is a dead giveaway. Opened the email and quickly deleted it.

AW Admin · May 3, 2017

MaeZe said:
Thanks again. I meant to install that earlier when you suggested it. It is now installed and no malware was found.

I feel better. Had a malware infection on a past computer and it wasn't fun.

I recently watched Zero Days, a documentary about Stuxnet and this came up the other day: Leaked NSA hacking tools are a hit on the dark web. Another forum I post on was hacked the other day and when they said it was a random hacker group I looked into that and found there were a gazillion Anonymous-like groups now, quite popular. Then there was the NetFlix extortion and a while back the hospital records extortion..... sigh

We're all doomed.

Pretty much. It's one of the reasons I don't want to run a "transaction" server, as in with a shopping cart.

I've had six or seven people PM today meaning well and telling me that they're perfectly safe and if I'd talk to my technical person, they are sure he'd explain to me.

No, really, I don't want to run one. I didn't want to run one when I had an an entire cadre of direct reports and I certainly don't want to do it now. They're like flypaper or the siren call of a a cat in heat in terms of attracting problems.

We don't want to deal with any more personal data than we have to; birthdays are bad enough, and that's a legal requirement.

Chris P · May 3, 2017

I got this twice today, once on the work account and once on my personal. It looked "phishy" so I emailed the sender to see if he'd actually tried to send me anything. He hadn't, so I deleted without clicking anything.

AW Admin · May 4, 2017

Here's an update, with some really good advice; basically Google stopped this attack very quickly, but check your Google account as described here.

Cindyt · May 4, 2017

A friend of mine was warning people on FB this week about not opening attachments on emails. This may be what she was talking about.

I've had google docs account for years, but never shared it.

Thanks so much, Lisa for the alert!

Google Docs Phishing Exploit: Google docs link in email

AW Admin

Maryn

At Sea

MaeZe

AW Admin

MaeZe

AW Admin

MaeZe

Denevius

AW Admin

Chris P

Likes metaphors mixed, not stirred

AW Admin

Cindyt

Gettin wiggy wit it