Were You a Victim of the Recent “Google Docs” Worm?


Stephen Frazier has shared a document on Google Docs with you! Or has he…?

On May 3, a particularly tricky worm spread like wildfire throughout the Internet by means of phishing emails that claimed to be from Google. These email messages fraudulently claimed that someone, possibly known to the recipients, shared a Google Doc with them. Classic phishing attacks typically involve sending emails in order to trick people into revealing personal information such as usernames and passwords and/or credit card numbers.

Unbeknownst to users who clicked on the link in the phishing email and granted access to their Gmail data, a malicious virus then had access to all of their email messages and contacts. The phishing message was then automatically forwarded to their contacts! Several detailed breakdowns are available online regarding how this attack worked, why it was so successful, and what giveaways should have alerted people to the scam.

A Google spokesperson told Business Insider that 0.1% of Gmail users were affected. That may seem like a small percentage… but Gmail is host to at least 1 billion active users! Thus, nearly 1 million people may have been affected by the virus within a few hours before it was shut down. From a criminal perspective, it was a rapid and rousing success!

Western Illinois University uses G Suite (formerly known as Google Apps for Education) for its email/calendaring solution, which made this attack rather successful. University Technology estimates that over 900 WIU users fell for this phishing email. The phishing message was so cleverly disguised that it even gave pause to many of us in University Technology – the email came from a known contact, the message had a convincing appearance, and our institution recently adopted Google Docs.

Within an hour of first noticing the email, University Technology had notified faculty, staff and students of the issue and provided instructions on protecting affected accounts. Our Support Center and infrastructure teams started contacting individuals affected and severed the connection between users’ data and the underlying malware.

Despite its success, many within the University community recognized this scam and reported it to Google. We congratulate these individuals, as they, along with other people around the globe, brought this phishing scam to a quick halt. Everyone has a duty to learn to recognize and respond to phishing scams – those that fail to do so risk handing over their personal data or the University’s data to hackers, thieves and other nefarious actors.

Please remember that you can change your WIU ECom password at any time – you do not need to wait until your password expires. If you ever question whether your account may have been compromised or you simply want to change your password to be something more secure, you can do so by logging in to Guava and clicking the “Password” icon.