Thursday, 4 May 2017

Massive Phishing Attack on Google Docs - Case Study

Think Twice Before Allowing Apps to Access Your Google Account

Did you know that Google Docs was hit by a major phishing attack on Tuesday, 2 May 2017? The attack spread like wildfire and was designed to steal the information in your mailbox.

The strategy of this attack was slightly more advanced than that of other phishing attacks. Here, users received emails with a link labelled ‘Open in Docs’.

This phishing attack exploited a well-known standard, ‘OAuth’, which lets third-party services or apps connect to your Google account. Many legitimate websites use this functionality to help users connect with them quickly. In this attack, however, the moment users click the link, they are redirected to It is one of the reasons that they could not sense that it is extremely harmful for their data. As a user, you are then asked to give an app permission to connect to your Google account. Once the permission is granted, the app sends the same email to your entire contact list. This is how the attack reached so many people worldwide. The app is named ‘Google app’, but it is not a Google app. It is an illegitimate application that was given this name to deceive users. Once you grant access to this app, it takes control of your mailbox, including data, emails, etc. If you look a little further by clicking its link for details, it is clearly stated that the app is owned by someone with the email id ‘’.

Although Google is known to be one of the most secure platforms on the Internet, maintaining that security requires constant IT security surveillance. The IT industry never stands still: new challenges, innovations and solutions are part of it. No matter how secure a piece of software becomes, hackers never take their eyes off it and keep looking for ways to tamper with it. It is not certain that anyone can ever change that mindset, but we can certainly raise our own level of security for a safer online experience. For more information about this OAuth phishing attack, you can refer to Ars Technica, Quartz, The Verge, etc. In every business vertical, data plays a vital role, and no one can afford to lose it in today’s highly competitive world.

Google acted quickly on this incident and deactivated the app’s authentication token, which means the app can no longer cause trouble in your account. From a security viewpoint, however, you can still open your Google Account Settings and remove this illegitimate app from there. Finally, it is always good to check the authenticity of applications that ask for your personal or other account-related details. Stay aware to stay safe. You can always contact the mysslonline technical team for any information related to IT security.
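The check recommended above can be automated when reviewing which apps users have authorized. The following is an added example, not code from Google or from this post: the `Grant` record shape, the `BRAND_OWNERS` table and the sample data are assumptions made for illustration, while the scope URLs are real Google OAuth scopes for mail and contacts access.

```python
from dataclasses import dataclass

# Real Google OAuth scopes that expose the mailbox and the contact list.
SENSITIVE_SCOPES = {
    "https://mail.google.com/": "full Gmail access",
    "https://www.googleapis.com/auth/gmail.send": "send mail as the user",
    "https://www.googleapis.com/auth/contacts": "read/write contacts",
}
# Assumption: brand words and the developer domains entitled to use them.
BRAND_OWNERS = {"google": {"google.com"}}


@dataclass
class Grant:  # hypothetical record, e.g. one row of an authorized-apps export
    user: str
    app_name: str
    developer_email: str
    scopes: list


def review_grant(grant):
    """Return (spoofed_brands, risky_scopes) for one authorized app."""
    # A missing or malformed developer address never matches an owner domain.
    domain = grant.developer_email.rpartition("@")[2].lower()
    spoofed = [brand for brand, owners in BRAND_OWNERS.items()
               if brand in grant.app_name.lower() and domain not in owners]
    risky = [SENSITIVE_SCOPES[s] for s in grant.scopes if s in SENSITIVE_SCOPES]
    return spoofed, risky


def triage(grants):
    """Grants that borrow a brand name AND hold mail/contact scopes."""
    flagged = []
    for grant in grants:
        spoofed, risky = review_grant(grant)
        if spoofed and risky:
            flagged.append((grant, spoofed, risky))
    return flagged


# Constructed sample data, not taken from the incident.
SAMPLE = [
    Grant("alice@example.org", "Google app", "dev@mailer.example",
          ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]),
    Grant("bob@example.org", "Notes Sync", "support@notes.example",
          ["https://www.googleapis.com/auth/drive.file"]),
]

if __name__ == "__main__":
    for grant, spoofed, risky in triage(SAMPLE):
        print(f"review {grant.user}: {grant.app_name!r} is not from "
              f"{spoofed} owners; holds {', '.join(risky)}")
```

Any grant this flags is a candidate for removal from the account's authorized apps, as described above.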
