Google Apps Phishing Attacks
- Timothy Pinkham
- David Walton (Unlicensed)
Suspicious Email Message
The attack starts with a suspicious email that includes an unfamiliar email address and a button to open a Google Doc. In some cases, there might not be a personal message in the email. The message will usually come from a trusted email address, like a friend or colleague.
If you weren't expecting a document of this nature from that particular person, you should question the email message.
Permission Request
If you click on the button from the email message, your Internet browser will prompt you with a Google permission request.
Anytime you're prompted to grant permissions for an application, make sure to read and understand the request before clicking the Allow button. If you are unsure, contact the IT Helpdesk for help.
Pay attention to the person or application requesting access permissions. In the example above, the hacker used a malicious application with the name "Google Docs" to trick users into trusting the request. If you were to click on the "Google Docs" link, it would show the sender's actual email address:
The hacker is also using a malicious website (googledocs.g-cloud.pro), hoping that you will believe it's a legitimate Google Docs site.
Check Your Google Apps Security
Use Google’s Security Checkup tool to review what apps you have connected to your Google Account. https://g.co/SecurityCheckup
If you want help with Google's tool, contact the IT Helpdesk at 4740 or it.helpdesk@biola.edu.