Watch before you click that Google Docs link! – Google Docs Phishing

Ashish (name changed), a script writer with an inclination towards comedy, frequented a resto-bar hosting stand-up evenings. Being well known to the management gave him his break in stand-up comedy. Using his writing skills to the fullest, he was quick to garner a sizeable fan following.

He received an email, which seemed to be from one of the production houses, offering him a show. The mail read:

“We have been tracking your work for some time now and would like to produce a show. We would request you to please share your profile with a brief pitch on the theme. You are also required to fill a information form provide in the below link as part of formality. Please share a Google Docs link of the profile and theme pitch before 3pm on 12/11/19”.

The offer was very tempting for Ashish; this was his big break, and on impulse he clicked the link. He was then directed to a login page that impersonated a ‘Google Login’ page. Once logged in, his actions gave permissions to various applications to access his data, including his contacts, which allowed the spam to spread further. Ashish tried to log in to his Google account but was denied access; by now his login credentials, contacts, emails, documents, images and videos were compromised in one instance.

This type of cybercrime is categorised as phishing. While most people are aware of phishing via email, attacks via tools such as Google Suite are less known. In 2017, a massive wave of phishing attacks pushed Google to issue a public statement that they had mitigated some attacks and that their teams were working hard to prevent such spoofing episodes in the future. This was covered widely by the international press and prompted the Department of Homeland Security (USA) to issue guidelines on the Google Docs phishing campaign. Phishing generally leads to devices being infected with malware, viruses and spyware, which in turn gives birth to multiple paths of crime.

What are common indicators of phishing attempts?

  • Suspicious sender’s address. The sender’s address may imitate a legitimate business. Cybercriminals often use an email address that closely resembles one from a reputable company by altering or omitting a few characters. 
  • Generic greetings and signature. Both a generic greeting—such as “Dear Valued Customer” or “Sir/Ma’am”—and a lack of contact information in the signature block are strong indicators of a phishing email. A trusted organization will normally address you by name and provide their contact information.
  • Spoofed hyperlinks. If you hover your cursor over any links in the body of the email, and the links do not match the text that appears when hovering over them, the link may be spoofed. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net). Additionally, cybercriminals may use a URL shortening service to hide the true destination of the link.
  • Spelling and layout. Poor grammar and sentence structure, misspellings, and inconsistent formatting are other indicators of a possible phishing attempt. Reputable institutions have dedicated personnel that produce, verify, and proofread customer correspondence.
  • Suspicious attachments. An unsolicited email requesting a user download and open an attachment is a common delivery mechanism for malware. A cybercriminal may use a false sense of urgency or importance to help persuade a user to download or open an attachment without examining it first.

Mitigation:

  1. Have a 360 Internet Protection suite instead of plain vanilla antivirus.
  2. Be careful when clicking directly on links in emails, even if the sender appears to be known; attempt to verify web addresses independently (e.g., contact your organisation’s helpdesk or search the Internet for the main website of the organisation or topic mentioned in the email). Most of the time, a search for the subject line will surface fraud reviews.
  3. Avoid clicking on hyperlinks within email communications. Type the URL into the web browser instead.
  4. Always keep browsers such as Chrome, Safari, Mozilla etc. updated with the latest security patches.
  5. Always check the authenticity of the URL behind a Google link before attempting to sign in.
  6. Exercise caution when opening email attachments. Be particularly wary of compressed or ZIP file attachments. Always scan for malware before unzipping a folder or file.
  7. You must turn on multifactor authentication across your organisation, across all accounts. This is now considered the absolute minimum you can do to ensure security online.
  8. Immediately report any suspicious emails to your information technology (IT) helpdesk, security office, or email provider.
  9. Download only verified apps from the store.

References:

https://www.us-cert.gov/ncas/current-activity/2017/05/04/Google-Docs-Phishing-Campaign

https://www.wired.com/2017/05/dont-open-google-doc-unless-youre-positive-legit/

https://www.theguardian.com/technology/2017/may/03/google-docs-phishing-attack-malware


Copyright © 2019 Addrey Consultancy. All rights reserved.
