Earlier today Google was the target of a sophisticated Google Docs phishing campaign that quickly spread across Gmail accounts, including AU Gmail accounts. The phishing email looks very close to a real Google Docs notification and when clicked through it asks to authorize full access your email and address book to a likely malicious third-party. If access is granted more phishing emails are then sent from your account to addresses you have emailed in the past.
ITS has been working to stop and reverse the attack as soon as the phishing campaign started. We are currently removing the malicious third-party permissions from accounts that have been compromised. The ITS Help Desk is also contacting these users and instructing them to change their password.
If you are one of those users who clicked on the link, you should change your password immediately. Please email firstname.lastname@example.org
so we can open a ticket and follow up with you to make sure your account is clean. When you email us let us know that you have changed your password. Even if you didn’t provide your username or password your email account could still be compromised.
Please allow time for us to contact you as we are working as fast as possible with many users contacting the Help Desk.
ITS Security Team
Google's response to the recent phishing attempts:
"We have taken action to protect users against an email impersonating Google Docs & have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail."