Twitter is currently alive with reports of phishing emails doing the rounds which are inviting users to view a Google Docs file. If an unsuspecting victim falls for the highly convincing email, it accesses a virus which immediately goes on to send out the invite to everyone you have ever emailed through Gmail (and supposedly other email apps as well). The virus has the capacity to bypass 2-factor authentication for Google once you attempt to view the linked Doc.
Currently the best way to check the authenticity of such an email is in the address field as the emails are coming from a mailinator.com domain, however that can of course change if the virus or phishing email is adapted. Many tech news outlets have already picked up on this issue and reported it to google who have set up an automatic responder stating that it is looking into the problem and asks affected users to report the email.
It’s not clear what the aim of this virus is – apart from widespread propagation; Engadget has picked up on reports that Google Drive may also be affected but we are still waiting to hear more on this and it seems to be working correctly as I write this report.
As always, vigilance is your first defence against phishing scams like this and although this seems particularly sophisticated it can be defeated if you address all future Google Docs invites with a touch of scepticism and check them thoroughly before you go ahead and accept.
We’re interested to hear your thoughts and views on this new phishing scam. Have you been affected? If so, what are your first-hand experiences of dealing with this new threat and what antivirus service do you use? Did your Antivirus pick up on the threat and save you from an embarrassing error or did it fail to catch and contain the threat?