G Suite users targeted by widespread phishing attempt

Posted: 13:56:25, Tuesday, May 9, 2017   Expiration: 13:56:25, Tuesday, Dec 31, 2019

On Wednesday, May 3rd, a widespread phishing attack targeted G Suite users to obtain access to Gmail, Contacts, and Docs.

Affected individuals received an email that contained a link that appeared to be a shared Google Doc from a person they knew. However, upon clicking the link Google prompted individuals to authorize an application named “Google Docs”. This malicious application attempted to obtain access to the user’s Gmail account and Google Contacts.

During this attack, more than 500 UW-Madison G Suite accounts were compromised. Through concurrent efforts, Google and the UW-Madison G Suite team removed the malicious application from affected accounts.

Affected individuals should no longer be concerned about the malicious application. However, they should take this opportunity to review other applications that are allowed to access their UW-Madison G Suite account. Learn how to view applications authorized to view your UW-Madison G Suite account.

While Google has committed to better detection and prevention of attacks like this, we suspect that this type of attack will be used again. We ask that you exercise caution whenever you are asked to authorize an application.

Signs of a phishing attempt include (but are not limited to):

  • Unexpected or unsolicited requests.
  • Request for authorization to your account when it is not required.

Learn more about the May 3rd Google Docs phishing scam.

If you have any questions or concerns, contact the DoIT Help Desk.

-- UW Google Apps: Christina Gomez

Created: 18:00:29, Monday, May 8, 2017 (by Christina G.)
Updated: 12:37:50, Monday, Jun 12, 2017 (by Karl W.)