How Do Phishing Attacks via Google Docs Work?

Looking to better understand some of the phishing attacks on Google Docs that have dominated the headlines recently? Here's how they work.

If you’re savvy on digital tech trends, you may have noticed the highly publicized phishing attack that occurred in early 2017 that gained access to Google accounts via Google Docs. The report affected millions of people, and required Google to send out a notification warning users to ignore the phishing request and to change their permissions quickly. This shows how important it is to not only be aware of the latest scams, but to take measures to block phishing attempts. To protect your phone from these kind of hacks use DFNDR Security’s Anti-Hacking feature:

 

If you like the idea of having an antivirus app block malicious links before you even click on them, the Anti-Hacking feature does just that. So how did this Google Docs attack work, and what can users do in the future to sniff out future attacks before they happen, in addition to using Anti-Hacking? Continue reading to find out more about Google Docs phishing attacks.

Read More: Google Play Protect Fails to Deliver – Only Stops 65.8% of Malware

How This Attack Worked
First, the initial issue that caused this was a minor one, and it stemmed from a simple email that appeared as if it was sent by a recent contact. The email then encouraged individuals to open and log in with their Google account. The page that users were delivered to looked exactly identical to the normal Google permission pages, which is what caused so many users to grant and fall for the attack.

Of course, once they had signed over their information, it was too late. Hackers were able to use the information and passwords for whatever they wanted, and users were left scrambling to change their information and ungrant permissions. Of course, while the attack targeted less than .1% of Gmail users, that still means that millions of people were at risk, and many clicked on the link.

Of course, there’s a lot to learn about this that users can use to protect themselves in the future. First and foremost, users should be careful and always think twice about sharing their information. If an email takes you to a page looking for information that you’ve likely already shared on your computer, you may have encountered the phishing page. Maintaining a healthy skepticism is key to staying vigilant and on top of attacks that may be incoming.