New Google Docs Phishing Campaign

A fast-spreading phishing campaign targeting Google users was discovered today, masquerading as an invitation to view a shared document via Google Docs. The link embedded in the message redirected users to a fake application that used Google’s authentication system to grant access to the victim’s Gmail account, contacts and documents. The message was then resent to the victim’s contacts in an attempt to access even more accounts. Google reacted quickly by shutting down the fake application and resetting impacted users’ sharing permissions, but this event serves as a reminder that all unexpected sharing invitations, whether from a trusted contact or not, should be treated with skepticism.

 

How can you tell if you received the phishing message? If you received a message on 5/3/2017 sent to hhhhhhhhhhhhhhhh@mailinator.com with a subject similar to “___ has shared a document on Google Docs with you”, then you were targeted by the phishing campaign. If you were logged in to any Google application on your computer and clicked the link in the message before Google blocked the site, you potentially gave the phishers access to your account. Although Google has corrected the permissions on impacted accounts, it is advising all impacted users to visit g.co/SecurityCheckup to review the security access controls on their accounts. Users may also wish to sign up for Google’s 2-Step Verification, its multi-factor authentication option, to provide additional security for their account.
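For mail administrators who want to check stored messages against the three indicators above, the following added example (not part of the original notice, and not Google's or ITS's code) tests a raw message's headers for the recipient, subject and date. The function names and sample messages are hypothetical and constructed for illustration.

```python
import re
from datetime import date
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import getaddresses, parsedate_to_datetime

# Indicators as stated in the notice above.
CAMPAIGN_DATE = date(2017, 5, 3)
DECOY_RECIPIENT = "hhhhhhhhhhhhhhhh@mailinator.com"
# "Similar to" is read loosely here: any sharer name, any case, flexible spacing.
SUBJECT_RE = re.compile(r"has\s+shared\s+a\s+document\s+on\s+Google\s+Docs\s+with\s+you", re.I)

def indicators(raw_message):
    """Return which of the three indicators one raw RFC 5322 message carries."""
    msg = message_from_string(raw_message)
    hits = set()
    visible = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if any(addr.lower() == DECOY_RECIPIENT for _name, addr in visible):
        hits.add("recipient")
    # Decode RFC 2047 encoded-words so a non-ASCII sharer name cannot hide the subject.
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    if SUBJECT_RE.search(subject):
        hits.add("subject")
    try:
        # Assumption: the date is compared in the Date header's own UTC offset.
        if parsedate_to_datetime(msg.get("Date", "")).date() == CAMPAIGN_DATE:
            hits.add("date")
    except (TypeError, ValueError):
        pass  # missing or malformed Date header counts as no match
    return hits

def is_campaign_message(raw_message):
    """True only when recipient, subject and date all match."""
    return indicators(raw_message) == {"recipient", "subject", "date"}

# Constructed sample messages (headers only), not captured traffic.
SAMPLE_PHISH = (
    "From: Pat Example <pat@example.edu>\n"
    "To: hhhhhhhhhhhhhhhh@mailinator.com\n"
    "Date: Wed, 03 May 2017 14:30:00 -0500\n"
    "Subject: Pat Example has shared a document on Google Docs with you\n\n")
SAMPLE_ORDINARY_SHARE = (
    "From: Lee Example <lee@example.edu>\n"
    "To: student@example.edu\n"
    "Date: Wed, 03 May 2017 09:00:00 -0500\n"
    "Subject: Lee Example has shared a document on Google Docs with you\n\n")

if __name__ == "__main__":
    for name in ("SAMPLE_PHISH", "SAMPLE_ORDINARY_SHARE"):
        print(name, sorted(indicators(globals()[name])), is_campaign_message(globals()[name]))
```

A message that matches only the subject and date, like the second sample, is an ordinary sharing notice by these indicators; the decoy recipient in the To field is what separates the two.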

 

While this phishing campaign did not specifically target ITS-supported services, all users are reminded to visit ITS Security for additional information on keeping their University account safe. ITS offers additional security for UofM accounts through our implementation of Duo multi-factor authentication. Account holders are encouraged to review the information at Duo Authentication and sign up for multi-factor authentication.

 
