Phishing Attack "User has shared a document on Google Docs with you"

May 3, 2017

The IT Security Office has received reports of the following phishing attack. This attack is particularly dangerous, as the emails are sent from legitimate Gmail accounts, and clicking the link in the email first redirects the user to the official Gmail login page. This attack is also very widespread, affecting a very high number of universities.

If you received a message similar to the one below, clicked the link, and entered your credentials, we recommend:

  • Update your DUKE and GMAIL passwords immediately.
  • If you proceeded past the login page, we also recommend you work with your local IT to scan your system, as it may have been infected with malicious content.
  • Finally, if you accidentally clicked on "Allow", go to https://myaccount.google.com/u/0/permissions?pli=1 to revoke permissions for the malicious app. The app should be named "Google Docs". Click the app and verify the authorization date; if it is recent, remove it.

More information about this attack is available at https://isc.sans.edu/diary.html?n&storyid=22372

If you have clicked the link and/or provided your Duke credentials, please contact the OIT Service Desk at (919) 684-2200.

Learn more about phishing.

What to look for: the email

[Image: image001.png]