A very sophisticated and malicious phishing scam is spreading across the Internet, infecting computers and comprising the safety of millions of Gmail users around the world, Google confirmed on Wednesday.
Large numbers of people reported they had been hacked after receiving an email from a known contact asking them to open a link to what appeared to be a Google document page.
In a statement late yesterday, however, Google said that even as the campaign accessed and used contact information, no other data was apparently exposed. The company has pushed updates through Safe Browsing, and the concerned team is working to prevent such spoofing in future.
Google responded Wednesday by releasing a new security feature for Gmail on Android that warns users when they click on a suspicious link in an email.
– Google Docs (@googledocs) May 3, 2017(2 of 3) & have disabled offending accounts. But clicking on the link wouldn’t take users to a Google Doc. The invitation looks like a standard Google Doc invite in Gmail, but it is actually a fake posing as one in an effort to get into your email.
If you inadvertently give access, this opens your account to the attacker, who can read your emails and access your address book. Clicking on the invitation led to a real Google account selection screen. It is recommended that you go through a Google Security Checkup to make sure that only the entities you trust have access to your accounts.
Google said it had busted an email spam campaign that impersonated its online file service, Google Docs.
“We were able to stop the campaign within approximately one hour”.
Google uses an authorization system called OAuth, which uses security tokens instead of passwords to connect your Google account with third party apps.
According to some reports, these fake Google Doc links will take users to a genuine Google page to select an account.