On Wednesday, Google confirmed that a phishing attack that was launched by hackers on Google Docs. In a tweet on its Google Docs Twitter page, the company said: “We are investigating a phishing email that appears as Google Docs. We encourage you to not click through & report as phishing within Gmail.”
It however, said in a follow-up tweet shortly after, that it had resolved the issue, but provided a link for anyone who feels or knows that his account has been compromised to visit and make necessary changes.
The tweet followed complaints from some users about receiving suspicious emails in their Gmail account. The malicious emails, according to Forbes, were sent from contacts, asking people [Gmail account users] to open a Google Doc. Anyone who falls for this, is immediately asked to give authorizations to a fake Google Docs app. Granting such authorization, will give the sender [hacker] the permission to read, send, delete and manage email, as well as manage contacts.
The most fearful aspect of this kind of attack is that authorization doesn’t look harmless; but the real danger is that the sender starts using the access granted to spread warms; even to other users.
While the actual number of people affected by the attack is not immediately known or disclosed, it seems a lot of users were indeed affected. However, Google seems to have nipped it in the bud by revoking access granted to the app as well as snuffing life out of the phishing pages set up by the hacker.
Securing your account is only a few easy steps away: First, always take proper look at every email received in your inbox. Content of such email always comes like this: “Mr. Attacker has invited you to view the following document.” The recipient, according to report, is always added to the BCC field. Please note that this is usually the first clue that shows that something doesn’t add up.
Next step is to go to https://myaccount.google.com/permissions and revoke any permission granted to an app called Google Docs. Of course, Google said it had already revoked permission granted to the app, taking a few minutes to check through things for yourself won’t do you or your account any harm.
Last March, Google issued a warning along with a reassuring letter; telling users to beware of government-backed attack. In the statement posted on the company’s website, Google said “government-backed attack may be trying to steal your password.”
However, this warning also came with reassuring words; with the tech giant assuring users of the company’s readiness to protect accounts. Not that its [Google’s] policy has changed, but the statement on the company’s blog is just a reminder of the earlier warning it issued back in 2012.
A couple of journalists had reported receiving such warnings especially since the last US election was concluded. In the warnings sent to some of these journalists, Google warned “that government-backed hackers may be trying to steal your password.”
Is your account affected? Have you taken steps to secure it [your Gmail account]? Share your thoughts with us by using the comment section below.