Toronto Metropolitan University's Independent Student Newspaper Since 1967

A student works at their computer, you peer over their shoulder
Photo: Sierra Bellemore

Phishing emails target students and alumni through Google Docs

By Sylvia Lorico

Ryerson students and alumni were among the targets of a Google Doc phishing attack on Wednesday. At about 4 p.m., Ryerson alumni posted on social media that their personal accounts had received emails, sent from archived Ryerson accounts, that contained links.

The phishing incident was widespread. It targeted users of Gmail, using sender names that were familiar to them. Google Docs confirmed in a series of statements on Twitter that they were aware of the problem and taking steps to solve it.

Emails sent to alumni from former accounts were addressed to hhhhhhhhhhhhhh@mailnator.com. The emails included a link to a Google Doc. The subject line would read “[someone in your contacts] just shared a Google Doc with you.”

When clicked, the link would redirect the user to a Google Docs page asking for permission to read, delete and manage emails, as well as manage contacts. Once access was granted, the malware would send emails from the personal account to other people in the user's contacts to spread more malware.

Computing and Communications Service (CCS) issued a warning notice on their website and Twitter.

Brian Lesser, chief information officer at Ryerson, said in an email that CCS estimated 7,923 people at Ryerson received one or more of these emails. Of these, CCS confirmed from reports that 601 people clicked the link and allowed access to their Gmail accounts. Google later revoked access to accounts compromised by the malware.

Following the incident, Google released an updated statement on Thursday. The statement noted that the phishing campaign affected 0.1 per cent of Gmail users, and outlined the steps they used to resolve the problem.

“We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed,” read the statement. “There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.”

The CCS website has a page on how to spot potential phishing emails. Some tips include hovering over suspicious links to verify whether they match the URL of a legitimate website, and checking emails for suspicious characteristics such as grammatical errors, an urgent request for personal information, a blank “To” field or a suspicious sender’s address.
