I have done 3 cases on this already thank goodness Bitdefender picked this up after somebody clicked on the link.
Hi All,
A couple of our users have forwarded suspicious emails that on the surface look like they are from known individuals announcing they have uploaded a document to Google Docs for them to retrieve. Now where this one is different is once you click on the button, and then ok access to Google Docs and Email and everything else Google, the attacker now has complete control over your Google account.
Here’s a SAMPLE of one that we received today:
From: dwolfe@usbr.gov [mailto:dwolfe@usbr.gov]
Sent: Wednesday, May 03, 2017 11:55 AM
To: hhhhhhhhhhhhhhhh@mailinator.com
Subject: Dennis Wolfe has shared a document on Google Docs with you
Dennis Wolfe has invited you to view the following document:
Open in Docs
Of course we removed the bad link from the button. Below you can also read info from Google on this attack:
A very convincing Google Docs phishing scheme is racing around the internet right now, which means you should avoid clicking any weird Google Docs that have been emailed to you recently — even if it’s from someone you know. It’s spreading incredibly quickly:
If you click the link, it asks for some access permissions to your Gmail account (which actual Google Docs links would not need), and then spams everyone in your contacts with a link to a Google Docs file. They, in turn, email everyone in their contacts, and so on. All of them seem to include the email address “hhhhhhhhhhhhhhhh@mailinator.com.”
What exactly the phishing accomplishes in unknown, but there’s an excellent explanation of how it works on Reddit:
New Google Docs phishing scam, almost undetectable from google
It’s not the first time Google Docs has been used like this. There were widespread Google Docs email scams in 2014, 2015, 2016 — if you stare hard at those numbers, you can almost see a pattern forming. This one does seem to be more subtle and advanced; it only asks for permissions, not that users enter their password. It’s also widespread — hitting media organizations, technology companies, and entire schools:
If, by chance, you received this email and clicked on the link, here’s what you need to do:
1. Go to your Gmail account’s permissions settings at https://myaccount.google.com/permissions.
2. Remove permissions for “Google Docs,” the name of the phishing scam.
As always, when in doubt don’t click.
MspPortal Partners Inc. Software Family
MspEncryptMail | MspSecureMail | MspMailfilter | MspAntivirus | MspManagedNetwork | MspSecureBackup | MspSecureDoc
Roy Miehe | MspPortal Partners Inc. | Ceo/President
“Where Service and Technical Skills Count”
MspPortalPartner News 
Recent Comments