Gmail phishing scam targeting millions worldwide
- Author: Arturo Norris May 06, 2017,
May 06, 2017, 18:11
"We encourage you to not click through, & report as phishing within Gmail".
Google said in a statement sent to CBS News that by late Wednesday afternoon it had disabled accounts associated with the phishing attempt.
Google said it acted within one hour of the scam's appearance, but a lot of damage was done in that first hour.
Anyone who was taken in allowed the scammers access to all of their Google accounts, including Gmail and Google Documents. It asked for your password in order to give "Google Docs" permission to read your emails and contacts list. The company has pushed updates through Safe Browsing, and the concerned team is working to prevent such spoofing in future.
Because when you continue with docs, it is not an original page instead a third party malicious app which is named as "Google Docs".
At least hundreds of thousands of people got emails purporting to be a Google Doc shared from a contact, but it turned out to be a scam.
Google did not immediately say how many users were affected by the scam, but Roxbury, Somerset Hills and Wayne Township Public Schools say that they were affected, along with NJIT police.
If you clicked, the hacker gained access to your emails and email contacts, and was able to send and delete emails in your account, according to the Electronic Frontier Foundation.
The new feature, which will be gradually rolled out to all Gmail users over the next days, comes shortly after a widespread phishing attack that impersonated Google services hit a large number of users.
According to online reports, the attack was a phishing scam potentially aimed at stealing personal information and possibly even Google login credentials.
Heres what had gone down earlier today: an email would be sent to you, presumably from someone youd know asking you to accept a Google Doc share request. When the user clicks on the attached document, the link takes the user to your real Google security profile, where it will ask for permission to manage your account.