Many were hit by the “spear phishing” Google Docs scam attack earlier on Wednesday, a situation that left many scratching their heads and then changing their passwords. It was an annoyance that seemed to come out of nowhere, with Buzzfeed calling it the “fastest-spreading spear phishing attacks in history.” The reason as reported by Sheera Frenkel is because the attack itself bypassed most of the security measures that people have been using to protect themselves. The attack seemed to spread at will, using our own trust in Google against us:
“It worked so well because it bypassed what people who have a basic knowledge of security know not to do. Even though it is incredibly simplistic, it was very effective,” said Collin Anderson, an independent cybersecurity researcher who is studying the attack.
If you enable two-step authentication or follow the rules regarding passwords, it did you no good when facing this speedy threat. As reported earlier, everything about the faux links to “Google Docs” seemed perfectly fine. It typically came from people you know, looked official, and even carried the Google name — something that should raise some alarm bells at Google.