Phishing Hook

Today I, along with a number of my friends got duped into clicking on a phishing attack posing as Google Docs link. The offending email essentially states that a document has been shared with you and gives a legitimate looking button enticing the unsuspecting target to click it. Since the email I received appeared to be from someone I’ve routinely share documents with via Google Docs I wasn’t as diligent as I normally would be and followed the link thus opening my Google account to the attack.

This particular attack resulted in many of my contacts being sent the same link. Although this attack compromised my Google account I don’t actively use it for anything beyond logging in to various Google services. That said, I do still have some contacts on there from when I did use it for much more so while quite a few of the emails bounced due to invalid addresses, other legitimate contacts have been emailed, tricked, and therefore affected.

Google has reportedly deactivated the offending app and is investigating the incident but since this paves the way for copycats I thought I’d share the steps for revoking permissions from apps that have been previously been allowed to access your Google accounts. It’s always a good idea to periodically review what you’ve granted access to anyway so without further ado…

1.) Navigate to the Google account permissions page.

2.) Locate the app you want to remove and click it. For example, I want to revoke permission for a Wheel of Fortune game I no longer play so I’ll click anywhere in the row pointed to in the image below. (The app responsible for today’s attack would be listed as Google Docs. I revoked the permissions once I realized what was happening – even before Google shut it down.)


3.) Once the row is expanded, simply kick the “Remove” button.


4.) You’ll then be prompted to confirm removing the app’s permissions. Click the “OK” button to remove the app’s access to your account.


5.) Upon clicking “OK” the app will be removed from the list.