Just as the sun rises every day, hackers wake up on the wrong side of the bed ready to attack computer users around the world with the latest and greatest scheme. Unfortunately, this week, hackers have taken to Google to utilize an aggressive and rather sneaky phishing technique to gain access to user's Google Docs and Google Drive accounts potentially affecting millions of users.
The recent phishing scam is one that could compromise your account where Internet users from all ends of that nation are being spammed with a malicious invitation to log into their Google accounts. The sneaky and devious part of this attack is that it uses a clever login screen, one that lacks the telltale signs of it being a phishing attack or one that draws suspicion among everyday computer users. As an example, the attack appears to display a login screen that closely mimics one that most Google users are accustomed to where it grants a third party sources access to your accounts data.
Just like on many social media sources, such as on Facebook, a notification appears that asks permission to grant access to another source through a familiar Google login screen. The message is done in a way to keep suspicion to a minimum as it takes advantage of Google's legitimate tool for sharing data with responsible third-party sources and applications. Fundamentally, the phishing scam is routed through Google's actual system where most computer users are not able to see anything wrong with the way the message or login is displayed.
Those who succumbed to the Google phishing attack were in danger of hackers pilfering their personal data allowing them to potentially scour login credentials belonging to other online accounts. The potential backlash could be devastating for some, where hackers would be able to infiltrate victimized Google user's other online accounts, such as Amazon, Facebook, and even online banking accounts.
Who is Responsible for the Google Phishing Attack?
The Google phishing scam looks to be initiated out of spam emails where unsuspecting computer users are presented with a supposed shared Google Doc that they can "Open in Docs." If the "Open in Docs" link is clicked, the user is then redirected to a non-Google address, and all other contacts in the user's Google address book are sent the same phishing email, which results in the bogus Google login appearing, thus spreading the phishing scam even further.
As far as the reasoning behind the devious Google phishing attack, computer security experts aren't 100% clear on the goal of the hackers responsible for the attack nor do they know their identity. However, many experts suspect that the hackers behind the Google phishing attack were set on gathering as many login credentials as possible for the purpose of selling them off over the Dark Web. The Dark Web is known to be a secluded part of the Internet where other cybercrooks and hackers go shopping for and share the latest hacking tools and resources.
It is apparent that there was an underlying issue with Google Docs and Google Drive that left an exposed vulnerability that the phishing hackers were able to capitalize on this week. Currently, Google has said that the phishing issue was addressed within an hour of its discovery and no other data was exposed. If anything, there was one good thing to come out of the phishing attack. In retrospect, the attack has motivated Google and potentially other behemoth tech companies to better safeguard their systems and login infrastructures as to prevent similar attacks in the future that leverage access to third party sources.