Site news

SECURITY ADVISORY: Phishing Attacks Through Google Docs Link

SECURITY ADVISORY: Phishing Attacks Through Google Docs Link

by Nemuel Fajutagana -
Number of replies: 0

The University of the Philippines warns the public of a possible Phishing attack targeting users of Google Mail, our service provider for UP Mail (@up.edu.ph).


Should you receive an email with instructions to click a suspicious Google Docs Link you just received in your e-mail, DO NOT click the link. Report this to your respective IT center and delete the message immediately.


Please see sample e-mail below:


?ui=2&ik=ec20fa85b6&view=fimg&th=15bd14ed151a8d30&attid=0.1&disp=emb&realattid=ii_j29sqo9y0_15bd14d38f73f3c4&attbid=ANGjdJ-ZZXmRaSxKQefj0LvGa2wy-3jTo0-eF-qVbMep5R8K30AE3AmogDv_h4w7xg0Zi_UEVBWscAt2CeLeCI8uqVwEPcLSDhs9lH7vkdQY-5L_o7grGMrn4yyfcdU&sz=w1048-h546&ats=1493885911474&rm=15bd14ed151a8d30&zw&atsh=1


Source: http://thehackernews.com/2017/05/google-docs-phishing-email.html?m=1


Here's what will happen when you click the link:

You will be redirected to a page which says, "Google Docs would like to read, send and delete emails, as well access to your contacts," asking your permission to "ALLOW" access.

Once you click "Allow”, the hackers would immediately get permission to manage your account and will be able to access all your emails and contacts, even without your password.


For more information on this, here is an article from TheHackerNews.com:

http://thehackernews.com/2017/05/google-docs-phishing-email.html?m=1