
Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.


Google Docs – massive phishing attack

Some Google Docs users, mainly in the US, have been victims of a massive phishing attack that potentially gave attackers access to their email, address book, calendar, and docs.

Google raced to patch the issue, so this article is a commentary on why so many people were fooled into giving hackers their Google login credentials.

The answer is that we are generally a trusting lot and, when asked to do something, we do it. In fact, Glasswall, a secure email service, recently commissioned a survey that found an astonishing 82% of respondents usually or always open email attachments if they appear to be from a known contact. Of these, 44% open these email attachments consistently every time they receive one, leaving organisations highly vulnerable to data breaches sourced to malicious attachments.

Worse, 58% usually opened email attachments from unknown senders. This simply shows what value all the education and media coverage about the prevalence of sophisticated social engineering attacks has achieved – nothing!

Additional survey findings included:

  • 33% admitted to being a victim of a cyber attack and a further 24% said they may have been a victim.
  • 55% said they sent or received at least 11 documents via email every working day, meaning there are 2,585 potentially malicious files in circulation from a single employee each year.
  • 20% said the business they work for has no policy on how to handle email attachments, or they have not been made aware of it.
  • 5.5% thought "other" types of attachments were suspicious, which included various types of prize-winning links or emails with multiple addressees.
  • 15% said they always or usually trust email attachments sent by people they have never heard of.
  • Only two people named Word documents as being suspicious and only two said they regarded "spreadsheets" as a potential threat, despite the continuing prevalence of these file-types in the perpetration of successful cyber-attacks.
  • 58% said they would feel safer from cyber-crime if their employer had the right technology to protect them.

Simon Taylor, vice-president of products at Glasswall, said, “Cyber criminals know that productivity suites like O365 and Google, as well as dynamic documents and other types of shared files, are the lifeblood of today’s internet users. This includes consumers and employees of massive corporations, and often they’re one and the same.”

Greg Sim, chief executive of Glasswall Solutions, said, "Employees need to trust their emails to get on with their work, but with 94% of targeted cyber-attacks now beginning with malicious code hidden in an email attachment, the security of major businesses should no longer be the responsibility of individual office-workers. Conventional antivirus and sandboxing solutions are no longer effective and relying on the vigilance of employees clearly leaves a business open to devastating cyber-attacks that will siphon off precious data or hold the business to ransom."

Taylor told iTWire that the Google attack shows it only takes one or two clicks by a recipient to unknowingly open a weaponised link — in this case — or spreadsheet, slideshow or PDF and trigger an attack in many other cases. Attackers are becoming increasingly clever with their tactics and organizations and security tools must change the way they identify threats as new systems and methods are developed by nefarious actors.

While the threat has been mitigated for now by Google, this will not stop the ever-expanding theme of clever phishing tactics by malicious actors.

There is a good explanation of the Google attack here.

Proofpoint's Ryan Kalember, SVP of Cybersecurity Strategy, said, "The recent Google Docs email phishing attack leveraged some techniques that had previously been more associated with state-sponsored threat actors.

"That said, it was not necessarily larger in scale than any of the regular phishing campaigns that target Google, Microsoft, and other credentials. Cyber criminals continue to use carefully engineered messages to steal email account credentials because they are the gateway to all other digital account access including banking, social media and contact lists.

"Our initial analysis shows this attack was targeting organisations of all types, including the education, technology, financial services, and travel sectors. Based on the success of the initial attack, we would expect copycats to try and snare victims with similar campaigns.” 



Ray Shaw

Ray Shaw (ray@im.com.au) has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT-based radio program on ABC radio for 10 years, has developed world-leading software for the events industry and is smart enough to no longer own a retail computer store!

