I got mine
Fortunately it wound up in the Spam folder, so I had to actively seek it out.
If you get an email today sharing a Google Docs file with you, don't click it – you may accidentally hand over your Gmail inbox and your contacts to a mystery attacker. The phishing campaign really kicked off in a big way on Wednesday morning, US West Coast time. The malicious email contains what appears to be a link to a …
1) Google doesn't look at your contacts or send you spam. They have an algorithm that scans emails and places ads, rarely, on the top line but even then not in the primary inbox and only in the social and promotional tabs. 2) Do you object to the idea that they may occasionally show you an ad to pay for the massive investments in infrastructure and engineering to build these services? Then pony up a couple of bucks a month and Google will give you an enterprise account with no ads, scanning, etc. If you would rather Google didn't ever show you an ad and you don't want to pay anything, then you're just asking for a free lunch and building things costs money. I don't see what else they could do.
"I don't like ads so I don't use Google (or, really, the internet in general as everything is ad funded including El Reg being funded by Google ads)" is reasonable. "I don't like ads so I pay to not see them" is reasonable. "Google owes me services and can't ever make money in any way, either directly or indirectly, to pay for those services" is not reasonable.
Re: AC I sort of agree. I started blocking ads only when they became intrusive. I'm wary of the likes of Google collecting too much data (to sell), that's a step too far beyond showing me ads for stuff. And I feel aggrieved that they are able to do so by having command of the mobile phone business.
I looked at the message (got it 3 times to 3 different addresses) all from the same guy.
I Ping'd him to ask if it was real. He said he got hit by the scam.
Too easy to figure out and avoid.
But then again... I have a little guy on my shoulder with a pitchfork prodding me every time he sees a con.
(The angel guy is off at the pub and the devil guy got bored and is my internal paranoid voice... )
Sorry, but the Trump bashing is passé.
Look he won the election and so far, he's doing a decent job. He'd be doing a better job if the Freedom Party (Really Right Wing Republicans) and the Democratic Party (All of them) Actually sat down and did their job.
Trump is POTUS, Schumer is a Congress Critter. Free clue to Schumer. You don't ask the mountain to go to Moses. Moses climbs the mountain. Last time I checked. POTUS outranks Congress Critter.
As to the bad angel (The devil is a fallen angel), he's attached to my shoulder via a spell ...
And no, I'm not really paranoid. ;-)
It is kind of odd that more people didn't pick up on this scam. There were several warnings - some crazy email is in the send line. You have to think that most people would find it odd that someone is suddenly sharing a doc with them for no apparent reason. When you click on a shared doc link... it should take you to the doc; instead this has a dialogue where it actually asks you to allow it to take control of your email and your contacts (which doesn't make any sense if you are opening a doc). I get that many people just click allow, allow, allow to get to whatever they are trying to get to, but you would think that if you are receiving a doc from someone you don't expect to be receiving a doc and the doc has no name on the file which makes sense, then you would wonder what this is about and be on alert when it asks you for your contacts and email control.
Common users applying logic and common sense to an unexpected email with a link|attachment to an unsolicited file|URL?
That will be the day when I grant them all admin privileges.
(Edit:) Sorry, forgot to mention about the dialog box thingy, that was a good one. Nearly peed meself.
>How is this a Google screw up?
Well they did allow someone to register a rogue web app named "Google Docs" and then showed that name to unsuspecting users without questioning it first. When Google displays a message to the user then the contents could take on a sense of greater authority than they deserve: users might think "Oh Google is telling me that one of their apps needs access to my account". Most El Reg readers know to be more suspicious, but many regular folks will take it at face value.
Many websites have filters to prevent people from gaining assumed authority, for example by blocking people from registering screen names which make it sound like they are part of the website operator, for example variations of "admin", "moderator" and "Company Name Here" should be rejected among others. It wouldn't be unreasonable to expect Google to check the app names people register and reject anything which is a third-party attempting to impersonate Google. The name had "Google" as a substring after all, it's not hard to detect.
That said, Google did well to shut it down quickly so at least they had a decent response.
Google screw-up aside, I like the rest of your comment ;)
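The kind of registration-time name check the comment above asks for, as an added example that is not part of the thread and not Google's actual control. The reserved terms, the look-alike map and the `publisher_verified` flag are assumptions; it goes beyond a plain substring test by folding case, zero-width characters and common look-alike characters first.

```python
import unicodedata

# Assumed reserved terms; a platform would maintain its own list.
RESERVED = ("google", "gmail", "admin", "moderator")

# Small, assumed look-alike map (digits, symbols, a few Cyrillic/IPA letters).
LOOKALIKES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s", "@": "a", "$": "s",
    "\u043e": "o",  # Cyrillic o
    "\u0435": "e",  # Cyrillic e
    "\u0430": "a",  # Cyrillic a
    "\u0261": "g",  # Latin script g
})


def skeleton(name):
    """Reduce a display name to a comparable form."""
    # NFKC folds full-width and other compatibility forms; casefold lowers case.
    text = unicodedata.normalize("NFKC", name).casefold()
    # NFKD splits accents off so they can be dropped with the format characters.
    text = unicodedata.normalize("NFKD", text)
    text = "".join(
        ch for ch in text
        if unicodedata.category(ch) not in ("Cf", "Mn")  # zero-width, accents
    )
    text = text.translate(LOOKALIKES)
    # Remove spacing and punctuation so "G o o g l e" cannot slip through.
    return "".join(ch for ch in text if ch.isalnum())


def impersonated_terms(name, publisher_verified=False):
    """Return reserved terms found in the name; non-empty means hold for review."""
    if publisher_verified:  # hypothetical flag: publisher owns the brand
        return []
    folded = skeleton(name)
    return [term for term in RESERVED if term in folded]
```

A non-empty result is a reason to hold the registration for manual review, since a substring match will also catch legitimate names that merely mention a brand.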
It's not a 'screw-up', and that's not what I meant, whatever he meant. It's a phishing vulnerability, and indicative of a growing host of fumbley things Google is doing that go sideways for end-users, some trivial, some inconvenient, most addressed in Google's usual opaque manner. Nor is it just Google, but Facebook and others.
I can take the 'credit' for using an ill-defined word like 'fumbley' so loosely, but can 16 upvoters really have agreed with such a straw-man analogy?
Nor, I hope, has The Register base fully committed to an about face on the slogan 'biting the hand that feeds IT', especially regarding the biggest cyber-billboard on the planet in the garb of an (increasingly fumbley, ill-mannered, inconsiderate) search-engine.
Agreed - local to me it was two school systems and the YMCA that fell for it.
We do a bit of email and web hosting at my company, and I updated the spamassassin servers early on to identify and trash the message but some slipped through before then. So tonight I ran a scan against the mail stores deleting the messages and notifying any user that had one of the messages in their mailbox that they were potentially affected. I was surprised at the number of them I found in the SENT folders, as the users seemed intent on forwarding it on to people who weren't initially infected.
I may also be adding some body rules to weight any messages with links to .pro and .win GTLDs a bit higher. I know it won't help a lot, but I still haven't seen any legitimate traffic originate or link to one of those domains.
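A sketch of the link-weighting idea from the comment above, written as an added example in Python rather than as the poster's SpamAssassin rules. The score weight, function names and the sample message are constructed for illustration; the check looks at the link's hostname, so a path that merely ends in `.pro` does not count.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.policy import default
from urllib.parse import urlsplit

WATCHED_TLDS = {"pro", "win"}  # the two TLDs named in the comment
POINTS_PER_HOST = 1.5          # assumed weight, tune against real mail

URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)


def watched_link_hosts(raw_message):
    """Return sorted hostnames under a watched TLD linked from any text part."""
    msg = message_from_string(raw_message, policy=default)
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        for url in URL_RE.findall(part.get_content()):
            try:
                host = (urlsplit(url).hostname or "").rstrip(".")
            except ValueError:  # malformed authority, e.g. a broken IPv6 literal
                continue
            if host.rpartition(".")[2] in WATCHED_TLDS:
                hosts.add(host)
    return sorted(hosts)


def extra_score(raw_message):
    """Extra spam score: one increment per distinct watched-TLD host."""
    return POINTS_PER_HOST * len(watched_link_hosts(raw_message))


def build_sample():
    """Constructed sample message; every hostname in it is made up."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content(
        "See https://docs.constructed-sample.pro/view\n"
        "and http://files.example.com/report.pro\n"
    )
    m.add_alternative(
        '<a href="HTTPS://Login.Constructed-Sample.WIN:8443/x">open</a>',
        subtype="html",
    )
    return m.as_string()


SAMPLE = build_sample()
```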
I appear to be one of the few who did not get one of these. Nothing on the gmail account I occasionally use for G-ish things, but no sign at my own site either.
So I'm trying to find out whether some of these were indeed aimed at some of our users but were quietly taken care of by greylisting. If you have any of these messages preserved, would you care to share Received: headers so we can check for any patterns to search for in preserved greylist dumps?
Can we assume that this is mainly aimed at those that use the web mail or app interface?
Anything sent to my g-mail account (I needed one for my tablet to start) is directed to my text only e-mail program and has to pass the bogo filter before it gets to the in box. The fact it is text only either shows the full url for links or blanks them out.
html e-mail sucks.
Okay, wait. It's a mail to firstname.lastname@example.org AND it asks for permission to access your email and your contacts?
And not only that, but an industry which people expect to be populated by critical thinkers is hardest hit?
If the press ever needed an example of why it's not someone else's fault that people are losing faith in them, here it is.
...for "protecting" me by not allowing my Android Gmail app to log in (sync?) at all. I mean it's not like anybody will miss that payment I don't make because I have no idea I received an invoice unless I actually log in via web and check. Oh, and the cherry on the top of the batshit insane fruitcake? The app DOES actually log in and sync if I delete all cache, data, everything, restart the phone etc. - ONCE (just enough to download any new mail), then immediately fails to sync (log in?) any further, with various error messages of pitiful impotence. Considering this has been intermittently going on for days now (likely started since the attack), how about you finally get your shit together and let me read my mail already, Google?!?