Large Scale Spear Phishing Attack

UPDATE: Google has officially released a statement that they have stopped the attack.

-----------------------------------------------------------

Currently there is a large scale phishing attack that is propagating throughout the internet.  The attack appears as a legitimate email from an employee within your company or address list, and instructs the recipient to click on a link that looks like a legitimate link to a Google Document.  Please be aware and inform your employees to not click on this link.  If clicked, you are asked to grant permissions to an illegitimate Google Drive application that then parses your emails and contacts to send additional messages to. 

If you have clicked this link, please mitigate the attack by doing the following:

“[I]f you have clicked on the link, go to your Google account's page (https://myaccount.google.com/permissions) where you can manage the permissions you've granted to apps. Then locate the "Google Doc" app. This looks totally legitimate, but it's actually not. If that's the malicious app that's gotten access to your account after you clicked on the link it should have a recent "Authorization Time." Now, click on that Google Docs app and click Remove.”

More details can be found here: https://motherboard.vice.com/en_us/article/massive-gmail-google-doc-phishing-email

Please do not hesitate to reach out to our helpdesk directly at 650.454.8850 for assistance with this.

Thanks,

Kinetix Support