Phishing attack resolved
A day of emails from an app disguised as Google Docs ends with Google and IT taking steps to help compromised account users. | Kyle Kohner/THE CHIMES [file]
Google resolved a unique phishing attack that targeted all Google accounts worldwide, including Biola student, staff, faculty and alumni accounts, through an app appearing as Google Docs on May 3.
Action against impersonation
“We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts,” Google Docs posted on Twitter. “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.”
The app originally sent emails to Google accounts with a person’s name as the title and a message that included a shared Google Doc. By clicking on the email and accepting the app’s request, the user gives the app access to their email and contacts, according to Biola Information Technology client services manager James Calley.
“This is effectively an exploit that’s taking advantage of that authentication feature and what it then does basically is it gives the bad actor… access to your email or your contacts, which is standard phishing stuff. So the end game here isn’t really any more unusual than the normal phishing attack, it’s how they’re doing it that’s sort of unusual,” Calley said.
Biola community members received an email from IT at 1:20 p.m. on May 3 about the phishing attacks, recommending that they not open Google Docs from unknown senders and that they check the title first. The email also included instructions on removing the app’s access.
“There’s one other piece of this that we’ve learned since sending the email… the email is basically firstname.lastname@example.org so if you see that in the email to — or from, rather — you want to steer clear, just delete it,” Calley said.
Besides encouraging students to delete these types of emails, IT has also been working with individuals whose accounts were compromised.
“We’re sort of taking the stance if you are on our system, on the biola.edu domain, and your account has been compromised and we go in and fix it. And then proactively sending the email just saying, ‘Hey, watch out, be careful. If you do run into problems, here’s what you can do to fix it,’” Calley said.