Sophisticated Phishing Attack Targets Google Docs Users

May 9, 2017 by Irfan Shakeel

On Wednesday afternoon, social media was flooded with news of a new phishing attack targeting users of Google Docs. The attack was quick and smart at getting victims to grant permissions to what appeared to be Google Docs, and it spread by scattering to each victim’s contacts.

Fortunately, the attack did not last long, thanks to the efforts of thoughtful users, Google, and Cloudflare.

Officially, after the news spread, Google issued a brief statement on the attack via Twitter:

“We have taken action to protect users against an email impersonating Google Docs & have disabled offending accounts. We have removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this spoofing from happening again. We encourage users to report phishing emails in Gmail.”

The phishing emails, which spread for about three hours before Google blocked them, invited the recipient to open what appeared to be a Google Doc. The attacker used a blue box that said, “Open in Docs.”

In actuality, the link led to a fake app that asked users for permission to access their Gmail account. This was unusual, and people have not seen such a technique in years.

The key difference between this and traditional email phishing techniques is that it does not just redirect you to a false Google page and gather your password, which is something you could notice by checking the page URL. It works within Google’s system but takes advantage of the fact that you can create a non-Google web app with an ambiguous name. Here’s what the permissions screen looks like, for example:

The attack moved fast. At its peak, around 3:15 p.m. EST on Wednesday, it was generating about 155 messages per minute. Forty-five minutes later, however, the volume dropped off completely. Meanwhile, word spread all over the internet, and people started to post about the attack and spread awareness:

Thanks to the rapid response from Google, this attack has now been completely stopped. Still, it shows how smart attackers use common techniques to spread undetected. To prevent such attacks in the future, a social awareness campaign should be launched that discusses phishing techniques and how to stay secure on the internet.

Undoubtedly, end-user awareness is the only key to defeating such attacks, as attack techniques will never be the same. End users should therefore be aware of potential detection techniques and form the first line of defense for the organization.
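The attack described above depended on a non-Google app with a Google-like name being granted access to Gmail. The following check is an added example, not code from the original article or from Google: it reviews a list of third-party app grants and flags untrusted clients that use a brand-like name or hold mail/contacts scopes. The record schema, client IDs and the `PROTECTED_NAMES` list are assumptions made for illustration.

```python
import unicodedata

# Assumption: product names the organisation treats as first-party brands.
PROTECTED_NAMES = {"google docs", "google drive", "gmail"}
# Google OAuth scopes that grant mailbox or contact access.
SENSITIVE_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/contacts",
}

def normalize(name):
    """Fold case, compatibility forms and spacing so look-alike names compare equal."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())

def review_grant(grant, trusted_client_ids):
    """Return the reasons a grant deserves review (empty list means no finding)."""
    reasons = []
    trusted = grant["client_id"] in trusted_client_ids
    name = normalize(grant["app_name"])
    if not trusted and any(p in name for p in PROTECTED_NAMES):
        reasons.append("brand-like name on untrusted client")
    risky = sorted(SENSITIVE_SCOPES.intersection(grant["scopes"]))
    if not trusted and risky:
        reasons.append("mail/contacts scopes: " + ", ".join(risky))
    return reasons

def flag_grants(grants, trusted_client_ids):
    """Return (user, client_id, reasons) for each flagged grant, most reasons first."""
    found = [(g["user"], g["client_id"], review_grant(g, trusted_client_ids)) for g in grants]
    return sorted((f for f in found if f[2]), key=lambda f: -len(f[2]))

# Constructed sample records (hypothetical schema and client IDs).
TRUSTED = {"trusted-client-0001"}
SAMPLE_GRANTS = [
    {"user": "alice@example.com", "app_name": "Google  Docs", "client_id": "unknown-client-9999",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
    {"user": "bob@example.com", "app_name": "Google Docs", "client_id": "trusted-client-0001",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"user": "carol@example.com", "app_name": "Calendar Helper", "client_id": "unknown-client-1234",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
]

if __name__ == "__main__":
    for user, client_id, reasons in flag_grants(SAMPLE_GRANTS, TRUSTED):
        print(user, client_id, reasons)
```

The name match is deliberately a substring check after normalization, so padded or full-width variants of a protected name are still caught; the trusted client ID list is what keeps the genuine app from being flagged.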


Irfan Shakeel is the founder & CEO of An engineer, penetration tester and a security researcher. He specializes in network and VoIP penetration testing and digital forensics. He is the author of the book titled “Hacking from Scratch”. He loves to provide training and consultancy services, and works as an independent security researcher.