The dark side of Google Docs

https://uploads-us-west-2.insided.com/webroot-en/attachment/30022iB676A49B6D2B03B6.-796x401
 
 
This past Wednesday, there was a rather large-scale email spam campaign involving a fake Google Docs app that affected around one million users. This attack lured users into allowing a malicious application named "Google Docs" access to their Gmail account and contacts list, causing the spam email to be sent to everyone on their contacts list. According to a statement from Google, the attack was stopped after about an hour, and no data was exposed other than the contact data used in the attack.
 
This attack reminds us that we should always be cautious when clicking on links or attachments in any email that is unexpected - even if the email is from someone we know. One of the reasons that this attack was so successful was that many of the emails were coming from a known sender.
 
Google responded to the attack with the following statement:
 
"We realize people are concerned about their Google accounts, and we’re now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1 percent of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There is no further action users need to take regarding this event; users who want to review third-party apps connected to their account can visit Google Security Checkup."