What Can We Learn From the Google Docs Phishing Attacks?
If you do any sort of work that involves the internet, odds are good you heard about the massive and highly successful Google Docs phishing scam that transpired a few days ago. Similar to the Microsoft Word phishing we wrote about in our zero-day exploits blog post, this was a tricky and believable scam. In fact, it’s one of the more convincing ones we’ve seen to date. Hopefully none of our readers fell victim, but if you did, rest assured that you can sign up for a free trial of Strongarm and eradicate any lingering traces from your machines.
The Google Docs Phish: Putting the Attack in Perspective
Plenty of outlets have covered the ins and outs of the attack and explained how to avoid it and what to do if you fell victim. However, we wanted to take a step back and talk about how this attack fits into the overall cybersecurity landscape, and what relevant takeaways you should be aware of.
From our perspective, this is a new era in phishing. Attackers are getting better and better. They’re using more automation (e.g. exploit kits). They’re able to quickly and effectively duplicate emails that look just like the notifications we are accustomed to getting every single day (as in the case of these Google Docs phishes). They’re posing as Apple support. They’re even sending FedEx Delivery Notifications.
Even with user education about how to spot phishing and steer clear, these messages are getting harder to recognize. Attackers are using certificates to reassure victims it is OK to click. It’s all quite creative and, unfortunately, quite effective.
As much as we believe in user education, there is a limit to how much you can educate your users about phishing tactics when they are changing all the time, growing more and more sophisticated by the day. In our view, we’re getting to a breaking point regarding education vs. protection (i.e. whether it’s more important to focus on user education or technical protection). Frankly, the phishes are just too good. It’s time to get serious about a safety net.
What Phishing Protection Really Entails
It’s a good idea to have antivirus and firewalls installed on your network and machines, but they aren’t enough. It’s also a good idea to invest in email systems and servers that offer phishing protection. But this isn’t enough either. As phishing attacks evolve, we have to accept that some of them will get in, and we have to start building a more effective layer of protection.
One of the best ways to protect against the damage that phishing can cause is to use DNS-based malware protection. This type of protection doesn’t depend upon signatures or IP addresses, which can be rapidly swapped out by criminals to avoid detection. Instead, it relies on curated and constantly updated domain feeds that pinpoint sites connected with phishing attacks and stop your network from communicating with those sites.
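The feed lookup described above, sketched as an added example (this is not Strongarm's code): a resolver-side check that sinkholes a query when the queried name or any of its parent domains appears in a domain feed. The feed format, function names and all domains are constructed assumptions for illustration.

```python
# Added example: DNS-layer blocking against a curated domain feed.
# Feed entries and query names are constructed (reserved .example/.test names).
SINKHOLE = "SINKHOLE"
RESOLVE = "RESOLVE"

def normalize(name):
    """Canonical form: lowercase, no trailing root dot, IDNA A-labels."""
    name = name.strip().rstrip(".").lower()
    try:
        return name.encode("idna").decode("ascii")
    except UnicodeError:
        return name  # unencodable names are kept as-is and will not match

def load_feed(lines):
    """Parse feed text: one domain per line; '#' comments and blanks ignored."""
    feed = set()
    for line in lines:
        entry = line.split("#", 1)[0].strip()
        if entry:
            feed.add(normalize(entry))
    return feed

def matched_entry(qname, feed):
    """Return the feed entry covering qname (itself or a parent), else None."""
    labels = normalize(qname).split(".")
    # Compare whole labels, so 'notdocs-share-login.example' never matches
    # a feed entry for 'docs-share-login.example'.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in feed:
            return candidate
    return None

def decide(qname, feed):
    """Verdict the resolver applies before answering the query."""
    return SINKHOLE if matched_entry(qname, feed) else RESOLVE

FEED = load_feed([
    "# constructed sample feed",
    "docs-share-login.example   # phishing landing page",
    "cdn.tracker-kit.test",
])

if __name__ == "__main__":
    for q in ["docs-share-login.example", "Accounts.Docs-Share-Login.example.",
              "notdocs-share-login.example", "tracker-kit.test",
              "img.cdn.tracker-kit.test"]:
        print(f"{q:40} {decide(q, FEED)}")
```

Matching on the name rather than the resolved address is what lets the verdict survive an attacker moving the site to a new IP; a listed subdomain does not block its parent, so feed entries should be as broad as the evidence supports.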
This is exactly why we built Strongarm. By tracking the sites that attackers are setting up to phish you, Strongarm provides a backstop to your phishing education programs and guarantees that, even if someone falls victim and clicks on a bad link, your machines and network will be spared the havoc phishing can wreak. This week’s Google Docs attack is a perfect example of why we must combine education with protection to stay safe in today’s heated malware climate.