This Fast-Spreading Google Docs Phishing Scam Is Dangerously Convincing!
Yesterday, millions of Google accounts were compromised by an extremely sophisticated phishing scam. Google users, especially those who frequently use Google Docs, were advised to be extremely cautious.
Not only did the scheme gather your personal information, it also used your contacts list to send phishing invites to everyone on it. The attack took only two clicks before hackers had access to your personal email history.
— Zach Latta (@zachlatta) May 3, 2017
It was both simple and powerful. You got an email from someone who had previously emailed you, asking to share a document with you. Clicking the button led to a pretty convincing Google-hosted page. It asked for your password in order to give "Google Docs" permission to read your emails and contacts list.
But "Google Docs" was a third-party app that used the actual Google Docs name. No one has yet said how or why a third-party app was able to get away with using the company's licensed name, but figuring that out is probably on Google's to-do list.
Hours later, Google announced it had the situation under control through three tweets which read:
"Official Google Statement on Phishing Email: We have taken action to protect users against an email impersonating Google Docs and have disabled offending accounts. We've removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail."
While the company said it's specifically stopped this scam, it has yet to hint at any major crackdowns in the event of copycat attacks. However, there are ways for users to be proactive while Google figures out a plan. In order to guarantee your safety, check Google's account permission
Phishing is a relatively well-known term related to hacking. However, email scams still get circulated by people who don't know what they are. Phishing is the sending of emails that claim to be from a trustworthy source in order to obtain personal information.