Google has reportedly taken steps to combat the attack by disabling offending accounts and pulling out fake pages.
BuzzFeed News also quoted a statement from the company saying that the attack affected fewer than 0.1 per cent of total Gmail users.
An email virus disguised as a Google Document hit campus emails Wednesday afternoon. We’ll keep an eye on the situation and report on any further developments. Doing this would take the users to a “legitimate” Google sign-in screen, reported The Guardian. Hence, those who receive an email which says that someone from their contact list has shared a Google document with them should think twice before accessing it.
According to an analysis of the scam on Reddit, the message will have also been sent to the email address [email protected]. Invite recipients are BCC’d in the email.
Now, instead of having to rely exclusively on your spidey senses, Gmail tell you when something’s awry. They did so by taking the advantage of the fact that one can create a web app similar to Google page but with a misleading name.
Clicking the “Allow” button will let the attacker access your account – and will more than likely allow the cybercriminals to continue sharing the dodgy Google Doc link with your contacts.
Gmail users have been warned that their accounts may be vulnerable following a phishing attack sweeping the internet, allowing cyber criminals to gain control of email accounts.
What should I do if I clicked through? The app will provide users with an additional warning when they click on a link in an email that the app deems to be suspicious.
If you see a “Google Docs” app in your permissions, this is the malicious app.
You can verify it by checking the title for developer information. Revoke its permission immediately, and then change your password.
However, in an impressive feat of swift effectiveness, Google confirmed that it had stopped the phishing campaign “within an hour”.