Gmail Phishing Attack Scams Using Google Docs


Google’s Gmail email service was targeted in a global phishing scam last night. The email was sent to Gmail users and was an especially crafty version of a typical phishing email. The fraudulent emails appeared to have been sent by someone the recipient already knew. The familiar sender names made it more likely that the email would be opened, which helped the scam spread even further and faster.
The email contained a message with an “invitation” from the sender to view a Google Document. Once users clicked on the link, they were presented with a page asking which of their Google accounts they would grant access to.

How to Spot the Suspicious email

Although the email appeared to be coming from a friendly name, the actual sending email address was consistently hhhhhhhhhhhhhhhh@mailinator.com. Another clue was that the recipient (the person being scammed) was listed in the BCC (blind carbon copy) field rather than in the recipient (To) field [Figure 1].

Figure 1

Although one of our writers did receive the phishing email shown in Figure 1, he was cyber-savvy enough not to click on it! Thanks to Zach Latta, the cyber-attack process was recorded in his video:

After account access was granted via the web page, the Gmail account was then used to spread the cyber-attack further.
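The two clues above (a throwaway sending address and the recipient being BCC’d rather than addressed directly) plus the altered friendly name can be checked mechanically. The following is an added example, not code from the article or from Google; the address book, the sample message and the example addresses are constructed for illustration.

```python
import email
from email.utils import getaddresses, parseaddr

# Indicator named in the article: the sending address was at mailinator.com.
SUSPECT_SENDER_DOMAINS = {"mailinator.com"}

# Constructed address book for the recipient (hypothetical contact).
KNOWN_CONTACTS = {"alice example": "alice@example.com"}


def phishing_indicators(raw_message: str, my_address: str) -> list:
    """Return the indicators matched by a raw RFC 5322 message."""
    msg = email.message_from_string(raw_message)
    found = []

    display_name, sender = parseaddr(msg.get("From", ""))
    sender = sender.lower()
    domain = sender.rpartition("@")[2]
    if domain in SUSPECT_SENDER_DOMAINS:
        found.append(f"sender address uses throwaway domain {domain}")

    # A familiar friendly name sitting on an address the address book does not know.
    expected = KNOWN_CONTACTS.get(display_name.strip().lower())
    if expected and expected != sender:
        found.append(f"display name '{display_name}' does not match known address {expected}")

    # Delivered mail normally carries no Bcc header: if we are absent from
    # To and Cc, we were BCC'd, which is the clue the article describes.
    visible = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    if my_address.lower() not in visible:
        found.append("recipient is not in To/Cc (delivered via BCC)")
    return found


# Constructed sample resembling the headers described in the article.
SAMPLE = """From: Alice Example <hhhhhhhhhhhhhhhh@mailinator.com>
To: hhhhhhhhhhhhhhhh@mailinator.com
Subject: Alice Example has shared a document on Google Docs with you

Open in Docs
"""

if __name__ == "__main__":
    for hit in phishing_indicators(SAMPLE, "bob@example.com"):
        print("WARNING:", hit)
```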

What is a Phishing Scam?

A phishing email is any email that intends to steal something, usually personal or financial information, from the recipient. Typically, phishing scams are emails, but the term is sometimes used to describe phone calls and websites too. Often an email scam directs users to a fake website that prompts them to enter personal information such as an account number or password.

When we talk about email, the sending email address is the sender’s email address including the domain name. Most email clients also let us set a separate display name. In this case, the display name, also known as the friendly name, was altered to contain the name of someone in the recipient’s contact list. For example, support@google.com is an email address or “box,” but the friendly name might be customized to show as “Google Support.” With a familiar name as the sender, users were far more likely to open the email.

The May 3 Gmail phishing scam combined an email with a fraudulent website.

Google responded to the attack almost immediately with posts on social media and on one of their websites [Figure 2]. The company stated that only about 0.1% of its users were hit by the attack. Although 0.1% seems small, this means that over 1 million people received the email!

Steps to Take if You Are a Target of This Phishing Scam

  1. Be sure to change your password! This is something you should do on a regular basis – scam or not.
  2. Check your Google and Gmail security settings.

It is important for everyone to review his or her security settings on a regular basis. Make sure you have at least two account recovery options for your Google accounts. Visit Google’s security checkup center to review your account security and recovery settings. The Google account security check link is https://myaccount.google.com/secureaccount.

Michelle writes about cyber security as well as how to protect your data online. She has worked in internet technology for over 20 years. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. She conducts workshops focused on web technologies and enjoys public speaking along with her connected rescue mutt.