- Moms and grandmas are infiltrating TikTok 2 Years Ago
- Did Britain’s head Brexiter hide in a bus to avoid getting hit by a milkshake? 2 Years Ago
- This woman who thought she saw a handmaid about to jump from a building is very relieved 2 Years Ago
- Michael Avenatti allegedly defrauded Stormy Daniels to pay for a Ferrari 2 Years Ago
- HBO has no plans for an Arya Stark spinoff series Today 3:28 PM
- Republicans and Democrats agree on dangers of facial recognition tech Today 3:18 PM
- Amazon is using video games and ‘swag bucks’ to incentivize workers Today 3:04 PM
- Here’s what’s coming and going on Netflix in June Today 2:46 PM
- This Michael Jackson makeup meme is sweeping TikTok Today 2:45 PM
- Homophobic preacher wants Pete Buttigieg to renounce fisting and rimming Today 2:33 PM
- ‘The Liar, the Snitch, and the War Crimes’: Twitter roasts news of Trump Jr. book deal Today 12:36 PM
- Polar Peak in Fortnite is cracking, and players think a dragon may be beneath the ice Today 12:07 PM
- ‘Rise of Skywalker’ first look reveals mysterious new characters Today 12:00 PM
- Meet the anti-choice, pro-NRA Trump supporter challenging Rep. Justin Amash Today 11:51 AM
- Moby attempts to prove he dated Natalie Portman with a shirtless photo Today 11:39 AM
This sophisticated Google Docs phishing attack is fooling everyone
If there’s one thing the 2016 election taught us, it’s that phishing attacks are becoming more and more sophisticated—and that it’s easier than ever to fall prey to them.
With that in mind, be forewarned: a spear-phishing scam is making its way through everyone’s emails. If you see an email from someone you know that kind of sort of looks like it’s a Google Doc they want to share with you, don’t click it.
Here’s what a standard Google Doc invitation looks like.
(Yes, that is a Google Doc titled “dicks.” When you work on the internet, you deal with dicks a lot.)
Here is the spearfishing attempt. Notice the differences.
There’s no grey background, it’s lacking the Google signature, and the spacing is much too tight.
Many were impressed with some of the levels of sophistication once they clicked.
— Zach Latta (@zachlatta) May 3, 2017
If you get a “Google Docs” shared document today, don’t click it. It got past spam filters and a lot of people are falling for it right now.
— Adam Steinbaugh (@adamsteinbaugh) May 3, 2017
Over on Reddit‘s main Google forum, user JakeSteam broke down exactly what happens.
According to one user on Twitter, the scheme was so successful it crashed whoever put it together.
Google phishing scheme spreading like wildfire, uses app authorization to compromise. Attacker's backend has crashed due to rate of success? pic.twitter.com/l1AFRz7QjK
— Collin Anderson (@CDA) May 3, 2017
— Collin Anderson (@CDA) May 3, 2017
The Electronic Frontier Foundation says that it is not believed to put malware on your computer.
Google has not yet responded to requests for comment regarding the phishing attack.
Update 4:50pm CT, May 3: In a statement provided to the Verge, Google said they had taken steps to halt the phishing attack and that the matter was resolved.
“We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.”
David Covucci is the Layer 8 editor at the Daily Dot, covering the intersection of politics and the web. His work has appeared in Vice, the Huffington Post, Jezebel, Gothamist, and other publications. He is particularly interested in hearing any tips you have. Reach out at [email protected]