Users of Gmail’s Google Docs, the popular cloud-based rival to Microsoft Word, were struck by a sophisticated phishing attack that swept through their networks. The scam appeared to start with influential users and spread rapidly over the course of a couple of hours in the middle of the workday on May 3.
Vice reported that Google found a way to stop the attack, though that could not be independently confirmed.
Here’s what we know so far about the attack, the largest of its kind in some time.
How did the attack start?
The “huge” attack appeared to start with the email accounts of journalists, who have wide and influential Gmail contacts and networks.
How does the Google Doc phishing scam work?
First flagged on Reddit, the “nearly undetectable” scam infiltrated users’ Gmails through Google Docs. Users received emails from someone they know with an attachment to a Google Doc that looks highly plausible. When users click on the document, the virus moves through their contact networks and replicates itself.
What don’t we know?
It’s not yet clear who is behind the attack. It’s also not clear what the goal of the phishing scam is: are the perpetrators looking for passwords, account numbers, or something else? We will update as we understand more.
How can we keep our accounts safe?
First, don’t click on any Google Docs today. If you’ve received any, delete the emails and clear out your “trash” folder.
Second, change your passwords and third, revoke the access of Google Docs; the method is detailed by Google in the link below.
Now is a really good time to go through the apps you've authorized to access your Gmail account. https://t.co/35FkjCb8p9
— Parker Higgins, 1337 |-| (@xor) May 3, 2017
Is there any more detail on how it works?
Right now, it’s guessing and hearsay, but the original post on Reddit has helpful details for those who want to understand the scam a bit better.