Moby Doc – The Biggest Phish

Yesterday, the airwaves were awash with news of a brand-new phishing scam targeting Google Docs users: fake Google Doc sharing emails encouraged the stressed, overworked, tired, wasted and potentially deranged recipients to click on an ‘open in Docs’ button, which wasn’t ultimately a Google Docs link.

Obviously, if you clicked through and answered yes to the permissions questions, you would be pwned. The attacker will have access to all of your Google details and content, even if you change your Google password, until you revoke the aforementioned permissions.

The sheer scale of this attack has surprised everybody. It is very scary – so scary in fact that many of us posted this link.

It would be fair to say that this announcement has whipped an already edgy community into a frenzy. Surprisingly, sometime later in the day a ‘Eugene Popov’ took responsibility for this work, claiming it was part of a final year project at Coventry University (perhaps a job application now gone tits-up?), although there is no confirmation that one ‘E Popov’ is on any sort of course at Coventry University in the United Kingdom. Read this.

As regular readers know, we try not to immerse ourselves in technical detail in this blog. However, this nasty scare raises the prospect of the compromise of cloud-based accounts, whether corporate (especially if you have done the Google thing), private or, even more scary, Shadow IT (think Dropbox and the like), because of the ‘OAuth’ protocol. Expect a load of copycat attacks any time soon…

If you did fall for this attack, you must access your Google account settings and revoke the permissions for the fake ‘Google Docs’ app, and be very wary about secondary attacks that may use your email content (bills/receipts/saucy emails etc.) to blackmail you or steal your identity.
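For anyone who has to make that revocation check across many accounts, the following Python is an added example (not from the original post, Talos or Google) that triages a list of OAuth grants for third-party apps borrowing a Google product name. The record layout, the allowlisted client ID and the sample grants are constructed assumptions; only the scope URLs are real Google values.

```python
import re
import unicodedata

# Assumption: client IDs your organisation has verified as genuine (placeholder value).
TRUSTED_CLIENT_IDS = {"verified-docs-client.example"}
# Product names a fake app might borrow for its consent screen.
PROTECTED_NAMES = {"google docs", "google drive", "gmail"}
# Google OAuth scopes that expose the whole mailbox or address book.
BROAD_SCOPES = {"https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts"}

def normalise(name):
    """Fold compatibility forms, drop zero-width characters, collapse spaces."""
    folded = unicodedata.normalize("NFKC", name)
    folded = "".join(c for c in folded if unicodedata.category(c) != "Cf")
    return re.sub(r"\s+", " ", folded).strip().casefold()

def triage(grants):
    """Return (user, client_id, action, reasons) for each grant needing attention.

    A grant stays valid after a password change, so only the grants are examined."""
    findings = []
    for g in grants:
        if g["client_id"] in TRUSTED_CLIENT_IDS:
            continue  # verified app: its name and scopes are expected
        reasons = []
        if normalise(g["display_name"]) in PROTECTED_NAMES:
            reasons.append("borrows a Google product name")
        broad = sorted(BROAD_SCOPES & set(g["scopes"]))
        if broad:
            reasons.append("broad scopes: " + ", ".join(broad))
        if reasons:
            action = "revoke" if reasons[0].startswith("borrows") else "review"
            findings.append((g["user"], g["client_id"], action, reasons))
    return findings

# Constructed sample records; the field names are hypothetical.
SAMPLE_GRANTS = [
    {"user": "alice", "display_name": "Google Docs", "client_id": "lookalike-0001.example",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
    {"user": "bob", "display_name": "Google\u200b Docs", "client_id": "lookalike-0002.example",
     "scopes": ["https://www.googleapis.com/auth/contacts"]},
    {"user": "carol", "display_name": "Google Docs", "client_id": "verified-docs-client.example",
     "scopes": ["https://mail.google.com/"]},
    {"user": "dave", "display_name": "Mail Merge Helper", "client_id": "addon-0003.example",
     "scopes": ["https://mail.google.com/"]},
    {"user": "erin", "display_name": "Calendar Widget", "client_id": "addon-0004.example",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_GRANTS):
        print(finding)
```

Grants marked `revoke` are the ones to remove in the account's permissions page; `review` marks apps with sweeping access whose name is not in itself suspicious.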

Cisco’s propeller-head shop, Talos, has published a very thorough analysis of the culprit here.

If you would like to know more about this Phish or any other aspect of information security, please contact us at: [email protected] or call 020 7517 3900. Please be careful when opening content in email, please.