Beware the email bearing Google Docs.
The internet has been a-buzz with reports of a new phishing attack that masquerades as a Google Doc. Relying on either addresses you don’t know or hacked contacts from your email address book, the messages invited others to click open a shared Google Doc, but was actually intended to install a virus.
Emailed phishing attacks containing viruses are nothing new, of course. In the past, would-be hackers have relied on macro-based attacks coming through as Word doc attachments, then moved on to hyperlinks once word began to spread about the attachments. Lately, the macro attacks have begun to see a resurgence as a younger generation of tech user (ones who were never told not to open unexpected attachments) started to shy away from clicking links in emails.
Google HR and Ubisoft
This round of attacks seemed to have originated from Google HR offering the recipient a job, to Ubisoft reaching out to gamers with information. Other tweets throughout the day yesterday mentioned journalists specifically as the potential target, which speaks to some of the emails apparently originating from “sources” that pretended to have information to disclose. Basically, any means of getting the recipient to click on the email and then on the bogus document link were deployed.
Accounts shut down
Fortunately, of all the methods for sending out a worm that hackers could have tried, they had to mess with Google. For its part, Google shut down the offending accounts and had stopped the worm’s spread within an hour. All that you did if you fell for it was unleash the worm on your contacts list, but that doesn’t mean you should laugh it off and forget about it. It’s still a good idea to change your Google account password, which is really something you should be doing on a regular basis anyway. The company itself has stated that there’s really no need for further security action, but that it’s a good idea to run a Google Security Checkup against any apps you use that rely on your Google account.