Google’s gotten caught up in a whirlwind of a phishing attack that spread like wildfire among millions of Gmail users. While the threat has been vanquished now, questions still remain about the loopholes that let it to multiply in the first place.
The reason the malicious scheme was able to get around so fast was because of how authentic it looked. The scam begins with a user receiving an email from someone they know. It contains a fake Google Docs link that redirects them to a real Google account selection screen.
Choosing one prompts up a permissions window asking them to allow ‘Google Docs’ to read, send, delete, and manage their email, in addition to managing their contacts. Clicking on the words Google Docs at this point reveals that a random Gmail account is behind the app and not Google itself.
Unfortunately, it seems most people found this out too late and gave the phony ‘Google Docs’ permission to access their account. Doing so let the scammer send the same phishing email to all their contacts. It seems this is all the assault did, but it could have been much worse since the person behind it could have performed password resets or read sensitive data.
It appears the attacker made a third-party app called Google Docs and then unleashed it upon the world. Many individuals have pointed out that this shouldn’t be allowed in the first place. The company is taking heed of this, promising to prevent this kind of spoofing from happening ever again. For now, it’s disabled the offending accounts and removed the fake pages.
It would be best to be extra suspicious of any Google Doc emails for now until the firm comes up with a permanent solution to thwart copycat scams. Affected users should head to their Google account’s app permissions page and remove the bogus Google Docs from the list. The actual Google Docs has automatic access to a user’s account.
Coincidentally or perhaps not that coincidentally, the Gmail for Android app announced an anti-phishing security update just hours after all this went down. Clicking on a suspicious link in a message will now trigger a warning prompt advising against continuing on to the site.