![Massive Google Docs phishing attack swept the internet today [Updated]](http://mtdata.ru/u9/photo94B8/20458955444-0/original.jpg#20458955444)
If you just received an unexpected email in which someone you know is sharing a Google Doc with you, do not open it.
There is currently a rather massive phishing attack making its way through the internet. It’s pretty sophisticated, and very easy to fall for.
To summarize a reddit post by JakeSteam, it basically works like this:- As seen in the image above, you receive a simple email saying a Google Doc has been shared with you, likely from someone in your contact list.
- When you click on the button, you are taken to a real Google account selection screen (or at least it does if you have multiple accounts open).
- Select the account you want to use, an what appears to be “Google Docs” asks for several permissions to access your account. This is not the real Google Docs; the real one doesn’t need to ask for any permissions. But if you didn’t know this, it looks authentic enough other than all the permissions it requires.
- It then self-replicates by sending itself to all your own contacts.
The attack bypasses two-factor authentication and login alerts. Because you gave the imposter Google Docs full access to your email, it’s possible the attacker could extract any information stored in your messages. It could also be used to access your passwords for other services by sending password reset emails. Be…
The post Massive Google Docs phishing attack swept the internet today [Updated] appeared first on FeedBox.