Google Docs Based Phishing Attacks
The phishing attack campaign used Google email addresses to target users by sending an email to share a document for collaboration. Once the targeted users accepted invitations, they were encouraged to login which allowed the phishing program access to their email accounts. Google has taken action to protect users, including removing the fake Google Docs pages and disabling the offending accounts.
Google Confirms the Attack
Initial reports say that Journalists were the main target for the Google Docs vulnerability, however, many different individuals working in many industries report receiving said emails. Google has confirmed it the phishing attacks through their own internal investigation and we are urging our partners to be vigilant for the time being. Here are some things you can do to safe:
- Even if a sender is known pay close attention to what you might be clicking especially direct links.
- When opening documents from an email, proceed with caution when opening compressed ZIP files.
- Immediately report any and all suspicious emails to us.
Here is some information on how to prevent phishing attacks.