- ‘Star Trek: Discovery’ unmasks the time-traveling Red Angel Thursday 8:30 PM
- Everyone is making memes of Meghan McCain saying ‘my father’ on loop Thursday 8:11 PM
- Irony of Georgia’s sperm-reporting bill flies by anti-abortion advocates Thursday 7:11 PM
- Sex scandals are consuming the K-pop industry Thursday 5:44 PM
- Trump supporters are abandoning Fox News over network’s latest hire Thursday 5:20 PM
- QAnon is attacking a random woman in a disturbing and dangerous way Thursday 4:59 PM
- Google celebrates Bach with AI-powered, music-making doodle Thursday 4:53 PM
- RIP: The best free trial in all of streaming entertainment Thursday 2:19 PM
- Which ‘Florida Man’ are you? Thursday 1:06 PM
- Hundreds of millions of Facebook passwords were accessible to employees Thursday 12:55 PM
- ‘Bitch I’m Bella Thorne’ morphs into TikTok dyslexia meme Thursday 12:17 PM
- Marvel is auctioning props and costumes from Netflix’s ‘Defenders’ franchise Thursday 12:12 PM
- Net neutrality advocates plan online watch party for the ‘Save the Internet’ Act Thursday 12:01 PM
- Tim Cook turns his iPad meme into an AirPod meme Thursday 11:46 AM
- Auschwitz Memorial asks visitors to stop taking playful photos at Holocaust site Thursday 11:33 AM
This sophisticated Google Docs phishing attack is fooling everyone
If there’s one thing the 2016 election taught us, it’s that phishing attacks are becoming more and more sophisticated—and that it’s easier than ever to fall prey to them.
With that in mind, be forewarned: a spear-phishing scam is making its way through everyone’s emails. If you see an email from someone you know that kind of sort of looks like it’s a Google Doc they want to share with you, don’t click it.
Here’s what a standard Google Doc invitation looks like.
(Yes, that is a Google Doc titled “dicks.” When you work on the internet, you deal with dicks a lot.)
Here is the spearfishing attempt. Notice the differences.
There’s no grey background, it’s lacking the Google signature, and the spacing is much too tight.
Many were impressed with some of the levels of sophistication once they clicked.
— Zach Latta (@zachlatta) May 3, 2017
If you get a “Google Docs” shared document today, don’t click it. It got past spam filters and a lot of people are falling for it right now.
— Adam Steinbaugh (@adamsteinbaugh) May 3, 2017
Over on Reddit‘s main Google forum, user JakeSteam broke down exactly what happens.
According to one user on Twitter, the scheme was so successful it crashed whoever put it together.
Google phishing scheme spreading like wildfire, uses app authorization to compromise. Attacker's backend has crashed due to rate of success? pic.twitter.com/l1AFRz7QjK
— Collin Anderson (@CDA) May 3, 2017
— Collin Anderson (@CDA) May 3, 2017
The Electronic Frontier Foundation says that it is not believed to put malware on your computer.
Google has not yet responded to requests for comment regarding the phishing attack.
Update 4:50pm CT, May 3: In a statement provided to the Verge, Google said they had taken steps to halt the phishing attack and that the matter was resolved.
“We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.”
David Covucci is the Layer 8 editor at the Daily Dot, covering the intersection of politics and the web. His work has appeared in Vice, the Huffington Post, Jezebel, Gothamist, and other publications. He is particularly interested in hearing any tips you have. Reach out at [email protected]