BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

That Massive Google Docs Phishing Attack Has Taken A Weird Turn

Following
This article is more than 6 years old.

Yesterday, a phishing attack that security experts called "incredibly sophisticated" ripped through Gmail accounts at a blistering pace. Google managed to head the threat off at the pass, reportedly stopping it in its tracks after just 0.1% of all Gmail users had ever seen one of the malicious emails.

Image: Tom Page/Flickr

It was an odd incident, to be sure. This "sophisticated" attack didn't actually manage to do anything all that dangerous. The biggest reason why is that Google reacted swiftly, resolving the issue just an hour after a Google employee spotted news of the attacks on Reddit.

The other is that initial analysis suggests that all the attack did was harvest email addresses so that it could send the phishing email to even more users. That could mean that this was incomplete malware that was turned loose before it was actually ready to carry out its creator's nefarious plan.

There's also the remote possibility that it was simply a research project. That theory was put forward by a Twitter user name Eugene Pupov, a name that matches a Gmail account that was embedded in the phishing message.

In a series of Tweets, Pupov claimed that what happened was an accident. The code had reportedly been written as part of a graduate project he was finishing up at the University of Coventry. The emails that were sent were "simply a test" and the whole episode had "taken a toll" on his entire family, Pupov added.

You can't take everything you read on Twitter at face value, though, and so Motherboard's Joseph Cox went digging. The picture used on the account was indeed a gentleman named Pupov, but one who works at the Institute of Molecular Genetics. Cox also confirmed with the University of Coventry that there is not now -- nor has there ever been -- a student enrolled with the name Eugene Pupov.

Add in the fact that this Twitter account appeared out of nowhere the same day that the attack took place and that the Twitter avatar is now a plain white square and the whole thing takes on a decidedly fishy smell. It could be quite some time before the truth is revealed... if that ever happens.

On a good note, Google has made sure that Gmail users are well-protected against this threat and any that try to copy it. Just in case something similar does manage to slip past, here's a reminder: your best defense against phishing is an eye for detail.

As sophisticated as this attack might have been, the "to:" line in the message should have raised a red flag. The phishing mails were addressed to hhhhhhhhhhhhhhhh@mailinator.com. A message sent to that address... that happens to wind up in your inbox... should probably be deleted immediately.