By Sylvia Lorico
Ryerson students and alumni were among the targets of a Google Doc phishing attack on Wednesday. At about 4 p.m., Ryerson alumni posted on social media that they had received emails in their personal accounts, sent from archived Ryerson accounts and containing links.
The phishing incident was widespread. It targeted users of Gmail, using sender names that were familiar to them. Google Docs confirmed in a series of statements on Twitter that they were aware of the problem and taking steps to solve it.
(1 of 3) Official Google Statement on Phishing Email: We have taken action to protect users against an email impersonating Google Docs…
— Google Docs (@googledocs) May 3, 2017
(2 of 3) & have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team…
— Google Docs (@googledocs) May 3, 2017
(3 of 3) is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.
— Google Docs (@googledocs) May 3, 2017
Emails sent to alumni from former accounts were addressed to hhhhhhhhhhhhhh@mailnator.com. The emails included a link to a Google Doc. The subject line would read “[someone in your contacts] just shared a Google Doc with you.”
When clicked, the link redirected the user to a Google Docs page asking for permission to read, delete and manage emails, as well as manage contacts. Once that permission was granted, the malware sent emails from the personal account to other people in the user’s contacts to spread more malware.
Phishing (or malware) Google Doc links that appear to come from people you may know are going around. DELETE THE EMAIL. DON’T CLICK. pic.twitter.com/fSZcS7ljhu
— Zeynep Tufekci (@zeynep) May 3, 2017
@zeynep Just got this as well. Super sophisticated. pic.twitter.com/l6c1ljSFIX
— Zach Latta (@zachlatta) May 3, 2017
Computing and Communications Service (CCS) issued a warning notice on their website and Twitter.
Brian Lesser, chief information officer at Ryerson, said in an email that CCS estimated 7,923 people at Ryerson received one or more of these emails. Of these, CCS confirmed from reports that 601 people clicked the link and allowed access to their Gmail accounts. Google later revoked access to accounts compromised by the malware.
Following the incident, Google released an updated statement on Thursday. The statement noted that the phishing campaign affected 0.1 per cent of Gmail users, and outlined the steps they used to resolve the problem.
“We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed,” read the statement. “There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.”
The CCS website has a page on how to spot potential phishing emails. Tips include hovering over suspicious links to verify that they match the URL of a legitimate website, and checking emails for suspicious characteristics such as grammatical errors, an urgent request for personal information, a blank “To” field or a suspicious sender address.
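The reported indicators and the CCS tips can be turned into a simple mailbox triage check. The Python below is an added example, not part of the original article or any CCS or Google tooling; the names `triage` and `LinkCollector` are hypothetical, the sample message is constructed, and a single-part HTML body is assumed.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Indicators quoted in the article; the sample message below is constructed.
CAMPAIGN_TO = "hhhhhhhhhhhhhh@mailnator.com"
CAMPAIGN_SUBJECT = re.compile(r"just shared a Google Doc with you", re.I)
HOST_TEXT = re.compile(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)(?:/\S*)?", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw_message):
    """Return the warning signs found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    findings = []
    to = (msg.get("To") or "").strip().lower()
    if not to:
        findings.append("blank To field")
    elif CAMPAIGN_TO in to:
        findings.append("To is the campaign placeholder address")
    if CAMPAIGN_SUBJECT.search(msg.get("Subject", "")):
        findings.append("subject matches campaign wording")
    collector = LinkCollector()
    collector.feed(msg.get_payload())  # assumes a single-part HTML body
    for href, text in collector.links:
        shown = HOST_TEXT.fullmatch(text)   # link text that looks like a URL
        actual = urlparse(href).hostname    # where the link really goes
        if shown and actual and shown.group(1).lower() != actual:
            findings.append(f"link shows {shown.group(1)} but points to {actual}")
    return findings

SAMPLE = ("To: hhhhhhhhhhhhhh@mailnator.com\n"
          "Subject: A Contact just shared a Google Doc with you\n"
          "Content-Type: text/html\n\n"
          '<a href="https://login.example.net/auth">docs.google.com/document</a>\n')
```
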