“Yesterday, a sophisticated phishing attack swept through the network, masquerading as a Google Docs permission request, (The Google Docs spam attacks played off Google’s most fundamental weakness)”
I think it is a fundamental gap in the user experience associated with cloud services, and it is what this Verge article calls the unwalled-garden. If you started the Microsoft digital literacy course I shared a while back, you will be familiar with walled and unwalled gardens. With the ability to ‘spoof’ an email address (masquerading as an email address you know) or ‘spoofing’ domain names as if it originated from authentic sources, what we use to guard ourselves while using the internet has been hacked.
Technically, I advise these companies to improve their products by making each one an independent agent that can verify digital signatures. Such that Google’s own Chrome web-browser independently verifies if a Google Doc is authentic, based on an independent Google Digital signature product. And alert the user, within the email program, if it isn’t digitally authentic with a ‘potentially unsafe warning’. Other companies can do the same thing.
As for people, I am not shy about re-responding to someone if I suspect that the email isn’t authentic, before I open or click on anything. As someone who has to maintain my own computer, the redundancy in this practice saves me practically two days worth of cleaning my computer.