Phishing attack impersonated Google Docs
Google has disabled the offending app preventing the campaign from spreading further. Please accept our apologies for any inconvenience caused. This will be the final update for this incident.
Symantec has observed a phishing attack being sent via an impersonated “Google Docs” webapp.
Details of the attack • Messages contained the subject o “XXXXX has shared a document on Google Docs with you” • The attack used a web app to impersonate “Google Docs” o Google has disabled the reported third party application. This would prevent further compromise from this particular app. It is unknown if there are additional applications being used to accomplish the same attack at this time • Attack stopped at around 19:55 GMT
Actions taken • Following rule types deployed targeting this attack o URL Hash rules o Single signature o Header regex o Predictive heuristics
Additional Info The initial tweet from google: https://twitter.com/gmail/status/859863893484593152
Google forum tracking the issue and providing updates: https://productforums.google.com/forum/#!topic/gmail/be-_mLk_aOk
-
Email Security.cloud
- ClientNet
- Americas
- Japan
- Europe, Middle East & Africa
- Asia Pacific
Find Your Subscription
We’ll find your subscription and send you a link to login to manage your preferences.
Check Your Inbox
We’ve found your existing subscription and have emailed you a secure link to manage your preferences.
Subscribe to Status Updates
We’ll use your email to save your preferences so you can update them later.
-
Email{{ value }}
-
Text Message{{ value }}
-
Slack
-
Microsoft Teams{{ value }}
-
Google Chat
Subscribe to other services using the bell icon on the subscribe button on the status page.
Unsubscribe Completely?
You’ll no long receive any status updates from Broadcom Service Status, are you sure?
{{ error }}
You’re Unsubscribed!
We’ll no longer send you any status updates about Broadcom Service Status.