Home / Explore Technology / Security / Don’t Fall for This Google Docs Phishing Scam

Don’t Fall for This Google Docs Phishing Scam

Did you click on an unsolicited Google Docs email invite today? It might have been a scam.

SecurityWatchAccording to Vice's Motherboard, online miscreants on Wednesday launched a "massive phishing campaign targeting Google accounts." The "highly sophisticated" campaign appears to have hit a number of journalists, along with individuals from other industries, the report notes.

The fraudulent emails include what appears to be a Google Doc link from someone the recipient knows. "These, however, are malicious emails designed to steal your Google password or hijack your account," Motherboard advises.

Reddit user JakeSteam, who received the phishing email, said clicking the purported Google Docs button in the message takes you to an actual Google page, which asks you to grant access to an app masquerading as Google Docs. Granting permission would give the attacker full access to your email messages and contacts. The email then replicates itself and spreads to "everyone you have ever emailed," according to JakeSteam.

Affected individuals who clicked "allow" should revoke access to the fake Google Docs app right away, JakeSteam recommends.

The attack can bypass two-factor authentication, so having that additional layer of security enabled won't help you. Note that it's still a good idea to have two-factor authentication enabled, as it makes your account much harder to crack.

In a statement, Google said it had shut down the attack, which affected "fewer than 0.1 percent" of Gmail users.

Related

"We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems," Google said. "We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There's no further action users need to take regarding this event.

Those who would like to review the third-party apps connected to their account can visit Google Security Checkup.

This phishing campaign comes after attackers in January targeted Gmail users with a sophisticated ploy designed to steal usernames and passwords.

Read more

About the-online-tech

Check Also

Symantec Discovers 8 Minecraft Apps Building a Botnet

Up to 2.6 million Android devices have been infected by these eight malicious apps discovered on Google Play.

Leave a Reply

Your email address will not be published. Required fields are marked *