There are numerous articles filling up RSS feeds and inboxes this morning covering the Google Docs phishing incident that came to light yesterday.  I have personally seen this phish in the wild with a few people and it is quite convincing.  One of the more interesting angles to this story is the possible truth that this was a graduate project and in no way malicious.

Setting that possibility aside, the potential impact of such an effective phish in the hands of a cyber criminal should give all of us pause.  Hoping for the best, we should use this incident as a training mechanism, explaining to users what the implications are of clicking on and/or authorizing access to online information.  Take the time this morning to review your Google permissions and tell a friend to do the same.

https://www.tripwire.com/state-of-security/security-data-protection/google-docs-worm-ransacks-gmail-users-need-know/

https://nakedsecurity.sophos.com/2017/05/04/student-claims-google-docs-blast-was-a-test-not-a-phishing-attempt/