Tech

This sophisticated Google Docs phishing attack is fooling everyone

Be careful.

Photo of David Covucci

David Covucci

Google logo as a fishing hook with Google doc icon as bait

If there’s one thing the 2016 election taught us, it’s that phishing attacks are becoming more and more sophisticated—and that it’s easier than ever to fall prey to them.

Featured Video

With that in mind, be forewarned: a spear-phishing scam is making its way through everyone’s emails. If you see an email from someone you know that kind of sort of looks like it’s a Google Doc they want to share with you, don’t click it.

Here’s what a standard Google Doc invitation looks like.

gmail phishing attempt: iamge of normal google docs
Image via Gmail
Advertisement

(Yes, that is a Google Doc titled “dicks.” When you work on the internet, you deal with dicks a lot.)

Here is the spearfishing attempt. Notice the differences.

gmail phishing attempt: screengrab of phishing attempt
Image via Gmail

There’s no grey background, it’s lacking the Google signature, and the spacing is much too tight.

Advertisement

But it’s still fooled a bunch of people. Twitter was quick to jump all over the attempt, warning people to not click.

Many were impressed with some of the levels of sophistication once they clicked.

Advertisement

Advertisement

Over on Reddit‘s main Google forum, user JakeSteam broke down exactly what happens.

New Google Docs phishing scam, almost undetectable
byu/JakeSteam ingoogle
Advertisement

According to one user on Twitter, the scheme was so successful it crashed whoever put it together.

https://twitter.com/CDA/status/859848206280261632

https://twitter.com/CDA/status/859849338922696709

The Electronic Frontier Foundation says that it is not believed to put malware on your computer.

Advertisement

Google has not yet responded to requests for comment regarding the phishing attack.

Update 4:50pm CT, May 3: In a statement provided to the Verge, Google said they had taken steps to halt the phishing attack and that the matter was resolved.

“We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.”

 
The Daily Dot