Business

Google releases statement about Google Docs phishing attacks

Google has addressed a huge phishing attack that was spreading all over the place today. A phishing scam is a way of manipulating a victim into providing access to your accounts without their knowledge or by tricking them with a fake login page that looks like the real one.

Google says that it has disabled the accounts associated with the scam and will take necessary precautions to prevent a similar kind of attack. Developers will likely no longer be able to name things after other Google services word for word.

(1 of 3) Official Google Statement on Phishing Email: We have taken action to protect users against an email impersonating Google Docs…

Google Docs (@googledocs) May 3, 2017

(2 of 3) & have disabled offending accounts. Weve removed the fake pages, pushed updates through Safe Browsing, and our abuse team…

Google Docs (@googledocs) May 3, 2017

(3 of 3) is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.

Google Docs (@googledocs) May 3, 2017

If you clicked on the link and were affected by todays attack, Google says you should visit myaccount.google.com/permissions to revoke the Google Docs app. Google Docs doesnt require separate authorization as Gmail gives it by default.

Heres what had gone down earlier today: an email would be sent to you, presumably from someone youd know asking you to accept a Google Doc share request. Clicking the link takes you to a Google-hosted page where youd be asked to log into your Gmail account, still, from a Google page.

So this link would take you to a third-party app, ironically, also called Google Docs. This app requests your accounts permissions and clicking Allow opens a can of worms. The app accesses all your contacts and sends them a similar fate.

Its not to say that todays event could have been avoided, someone found a loophole and abused it and the victim could have been even the most savvy of internet users. If any app ever requests permission to access sensitive information like your contacts, you should proceed with caution.

Via