Friday, 19 May 2017

Beware! Gmail Users! DO NOT OPEN THIS MAIL

A new Google Docs phishing scam has arrived and it's spreading way too fast!! Even though Google appears to be taking actions to stop it, but in the meantime: be extra vigilant of Google Doc invites for now.

Users are asked to click on the link, which ultimately gives the hackers behind the attack access to the contents of their Google accounts, including email, contacts and documents, Daily Mail reports.

Not only are victims' accounts controlled by a malicious party, but if users follow the instructions, the same email is sent to anyone they have ever emailed and their contacts.

The scam seems to have surfaced sometime yesterday afternoon and appeared to first target journalists - BuzzFeed, Hearst, New York Magazine and Gizmodo reported receiving the infected email.

A Reddit user has a good breakdown of what happens exactly when you click on the Google Doc button. In a few words, when you click on the link, the login screen takes you to a genuine Google domain, but that domain asks you to grant access to an app called Google Docs that is not the real Google Docs. And the "Google Docs" app reads all your email and contacts, and then self-propagates by sending more emails.

If you have already clicked on such a link, or may have done, inform your workplace IT staff as the account may have been compromised. It has also been advised to those who have thought they might have clicked it, that they should head to Google's My Account page. Head to the permissions option and remove the "Google Doc" app, which appears the same as any other.

The hack doesn't only appears to be affecting Gmail accounts but a range of corporate and business ones that use Google's mail service too.


Post a Comment