Google Adds Safety Feature to Android Gmail App After E-Mail Phishing Attack
- Author: Arturo Norris May 05, 2017,
May 05, 2017, 14:38
Because they actually were real Google sign-in pages. He did so, by using the search company's developer platform to create his own third-party app, and also called it "Google Docs".
What's more, the attack automatically propagated itself once people had authorised the app, spamming everybody in affected users' contacts list with the fraudulent Google Docs email invitation.
"To be clear, I'm not criticizing Google", DeMarre's post adds.
Yesterday, Google said that it had "disabled offending accounts", removed fake pages and taken steps to "prevent this kind of spoofing from happening again".
Based on the billion Gmail users around the globe, however, that's still likely around a million users.
The developer behind the fake Google Docs app only appears if you mouse over the product informaiton. Lately, the macro attacks have begun to see a resurgence as a younger generation of tech user (ones who were never told not to open unexpected attachments) started to shy away from clicking links in emails. Authorising the app also would have given the hacker access to the contents of the victims' inboxes.
The attack was stopped in a matter of hours, but now cyber security experts warn the way in which it was executed could lead to replicas using other popular platforms as cover. Basically, any means of getting the recipient to click on the email and then on the bogus document link were deployed.
"Hackers have a headstart exploiting this attack", she said.
There is some good news.
Most phishing attacks have some key identifiers.
Here's another tip, now that we're all paying attention to our internet hygiene.
By clicking on the link, users give permission for a malicious app to connect to their Gmail accounts and to access their personal information. In all likelihood, you are the target of a widespread phishing scam to get access to your account data. Because of how well put together the entire thing is, its spreading rapidly and a lot of accounts have been affected by it already. "It's a bit like George Costanza when he says, 'My worlds are colliding!' You don't want your worlds to collide". If you think you've been victimized by the scam, change your password and disallow access to the app.