Today, I received a funny email. It had to do with a Google Doc, but with a strange subject line and an odd “hhhhhh” recipient address. Many Google Docs users were impacted by this sophisticated phishing attack. An email is sent asking a user to sign in to a Google Doc, which takes them to a “continue to Google Docs” login page. Continuing, however, grants a malicious third-party web app access to the user’s email and address book, further extending the attacker’s reach. To read more, check out this article by The Verge.
Recent updates on the Google Doc phishing attack have also brought attention to Russian hacker groups that are using OAuth to bypass Google’s two-step verification to phish users. The attack works by sending out a fake email, pretending to be from Google, with the title “Your account is in danger.” It then asks the user to install Google Defender, which is a hoax. To read more, check out this article by PCWorld.
Tempus Nova’s application development team has been working on a solution that will help eliminate and reduce the impact of such attacks. Our soon-to-be-released G Suite Marketplace product, named Lancetfish, is an application that, amongst other features, periodically scans end users’ installed third-party applications. Administrators preload a list of approved third-party applications into the system. If the system finds an application that has not been previously approved by the organization, it will revoke the application. Conversely, administrators can upload a list of non-approved third-party applications and the system will remove any offending third-party applications it finds.
Such functionality would have been useful during this latest phishing attack. Additionally, the tool has a full suite of reporting capabilities at the Organization Unit level, which administrators find incredibly helpful.
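The approved-list and non-approved-list checks described above can be sketched as follows. This is an added example, not Lancetfish code: the function name, client IDs and user addresses are constructed, and the record fields are assumed to follow the Admin SDK Directory API tokens resource (`userKey`, `clientId`, `displayText`, `scopes`).

```python
# Added illustration: allowlist/denylist audit of third-party OAuth grants.
# Records mirror the fields of the Admin SDK Directory API "tokens" resource
# (userKey, clientId, displayText, scopes); all values below are constructed.

SENSITIVE_SCOPES = {  # scopes granting mail or address-book access
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/contacts",
}

def audit_grants(grants, approved=None, blocked=None):
    """Return (userKey, clientId, reason) for every grant that should be revoked.

    approved: set of client IDs; anything not listed is revoked (allowlist mode)
    blocked:  set of client IDs; anything listed is revoked (denylist mode)
    Matching uses clientId only; displayText is chosen by the app's developer
    and can imitate a trusted product name.
    """
    if (approved is None) == (blocked is None):
        raise ValueError("supply exactly one of approved or blocked")
    to_revoke = []
    for g in grants:
        cid = g["clientId"]
        if approved is not None and cid not in approved:
            reason = "not on approved list"
        elif blocked is not None and cid in blocked:
            reason = "on blocked list"
        else:
            continue
        if SENSITIVE_SCOPES & set(g.get("scopes", [])):
            reason += "; holds mail/contacts scope"
        to_revoke.append((g["userKey"], cid, reason))
    return to_revoke

# Constructed sample data: one approved app, one look-alike requesting mail + contacts.
SAMPLE_GRANTS = [
    {"userKey": "alice@example.com", "clientId": "approved-crm.apps.example",
     "displayText": "Example CRM",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"userKey": "bob@example.com", "clientId": "unknown-1234.apps.example",
     "displayText": "Google Docs",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
]

if __name__ == "__main__":
    for user, cid, reason in audit_grants(SAMPLE_GRANTS, approved={"approved-crm.apps.example"}):
        # A real scanner would call the Directory API tokens.delete(userKey, clientId) here.
        print(f"revoke {cid} for {user}: {reason}")
```

In a live deployment the grant records would come from the Directory API `tokens.list` call for each user rather than from an inline list.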
If you are interested in learning more about Lancetfish and Tempus Nova, please CONTACT US.