🚨🚨🚨 Really major Gmail phishing attack going around right now. Do NOT click on an unexpected "Open in Docs" link.
Whether or not you have, now is a great time to review the apps you've authed to your account: https://security.google.com/settings/security/permissions
@nightpool it asks for your e-mail address and password using the old-style google login page where you input both
@nightpool @xor Judging from articles, it sounds like it asks you to authorize an app, but the app has the same name and icon as the actual Google Docs
@nightpool @xor @kaniini Agreed. I think this is one phishing attack that I might just have fallen for. It is kind of strange that you can make an app with that name though.
What I have been seeing is "open in gdocs" links that send you to a phishing login page and then a fake authorize Google apps screen.
I suggest resetting your password and verifying you haven't authorized any rogue apps...
@chris @nightpool this is correct. The URL for the app (not displayed but you can hover to see) is a not-Google link. Extremely subtle.
If "Google Docs" appears in the list I linked, nuke it
@xor @chris @nightpool from what I can tell (and based on the conversation on HN) it appears it redirects to googledocs.gdocs.pro after getting the OAuth token. Wish I had an actual example.
@wxl @xor @nightpool Yup, it has the redirect URLs in the code linked here: https://toot.works/@chris/81914 https://toot.works/media/cLpTPgkh8MK2fQIsMWM
@chris @xor @nightpool tl;dr no one should be expecting their apps to have access to their apps on the same service.
@xor Have a link to an article explaining the phishing attack?
I'm not using gmail, but I'm curious what it's doing.
@cwebber I haven't seen an article, but it's "just" getting OAuth access to mail and contacts for a rogue app named "Google Docs" (then spamming it out)
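A defender-side check for the pattern this thread describes (a consent request for mail and contacts whose redirect_uri points at a non-Google host such as googledocs.gdocs.pro), written as an added example that is not from the thread or from Google. The sample URLs, the PLACEHOLDER_CLIENT_ID value, the "sensitive" scope list and the trusted-host suffix list are assumptions for the demo.

```python
from urllib.parse import parse_qs, urlparse

# Scopes the thread says the rogue app asked for: mail and contacts.
# The scope strings are real Google scopes; calling them "sensitive" is our policy.
SENSITIVE_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/contacts",
}
# Hosts a first-party Google app could legitimately redirect to (assumption).
TRUSTED_SUFFIXES = (".google.com", ".googleapis.com", ".googleusercontent.com")

def host_is_trusted(host: str) -> bool:
    """Suffix match with the leading dot, so 'google.com.evil.example' fails."""
    host = host.lower().rstrip(".")
    return host == "google.com" or host.endswith(TRUSTED_SUFFIXES)

def audit_consent_url(url: str) -> dict:
    """Flag a consent request: sensitive scopes AND an untrusted redirect host."""
    params = parse_qs(urlparse(url).query)
    redirect_uri = params.get("redirect_uri", [""])[0]
    scopes = set(params.get("scope", [""])[0].split())  # space-separated list
    redirect_host = urlparse(redirect_uri).hostname or ""
    sensitive = sorted(scopes & SENSITIVE_SCOPES)
    return {
        "redirect_host": redirect_host,
        "sensitive_scopes": sensitive,
        "suspicious": bool(sensitive) and not host_is_trusted(redirect_host),
    }

# Constructed sample mirroring the thread: the token would go to googledocs.gdocs.pro.
PHISH_URL = (
    "https://accounts.google.com/o/oauth2/v2/auth"
    "?client_id=PLACEHOLDER_CLIENT_ID&response_type=code"
    "&redirect_uri=https%3A%2F%2Fgoogledocs.gdocs.pro%2Fcallback"
    "&scope=https%3A%2F%2Fmail.google.com%2F+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcontacts"
)
# Constructed benign request: same mail scope, but the redirect stays on a Google host.
BENIGN_URL = (
    "https://accounts.google.com/o/oauth2/v2/auth"
    "?client_id=PLACEHOLDER_CLIENT_ID&response_type=code"
    "&redirect_uri=https%3A%2F%2Fdocs.google.com%2Foauth%2Fcallback"
    "&scope=https%3A%2F%2Fmail.google.com%2F"
)

if __name__ == "__main__":
    for name, url in (("phish", PHISH_URL), ("benign", BENIGN_URL)):
        print(name, audit_consent_url(url))
```

The app name shown on the consent screen ("Google Docs") is not in the URL at all, which is why the redirect host, visible only by hovering, is the useful signal here.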
@xor @cwebber Here's two articles:
https://www.theatlantic.com/technology/archive/2017/05/did-someone-just-share-a-random-google-doc-with-you/525279/
https://www.theverge.com/2017/5/3/15534768/google-docs-phishing-attack-share-this-document-with-you-spam
Some additional info too: https://toot.works/@chris/81914
@xor Yup. I got it, too. Two of them. Weirdly, from the names of the school district clerks.
@xor Google says it has stopped a phishing email that reached about a million of its users. http://www.bbc.com/news/business-39798022
@xor what does it look like after clicking on it? Is it a zero interaction thing or is there the normal "authorize blah blah blah"? What does that page look like?