There are numerous articles filling up RSS feeds and inboxes this morning covering the Google Docs phishing incident that came to light yesterday. I have personally seen this phish in the wild with a few people and it is quite convincing. One of the more interesting angles to this story is the possible truth that this was a graduate project and in no way malicious.
Setting that possibility aside, the potential impact of such an effective phish in the hands of a cyber criminal should give all of us pause. Hoping for the best, we should use this incident as a training mechanism, explaining to users what the implications are of clicking on and/or authorizing access to online information. Take the time this morning to review your Google permissions and tell a friend to do the same.
Comments