Google releases statement about Google Docs phishing attacks

Google has addressed a huge phishing attack that was spreading all over the place today. A “phishing” scam is a way of manipulating a victim into providing access to your accounts without their knowledge or by tricking them with a fake login page that looks like the real one.

Google says that it has disabled the accounts associated with the scam and will take necessary precautions to prevent a similar kind of attack. Developers will likely no longer be able to name things after other Google services word for word.

If you clicked on the link and were affected by today’s attack, Google says you should visit to revoke the “Google Docs” app. Google Docs doesn’t require separate authorization as Gmail gives it by default.

Here’s what had gone down earlier today: an email would be sent to you, presumably from someone you’d know asking you to accept a Google Doc share request. Clicking the link takes you to a Google-hosted page where you’d be asked to log into your Gmail account, still, from a Google page.

So this link would take you to a third-party app, ironically, also called Google Docs. This app requests your account’s permissions and clicking “Allow” opens a can of worms. The app accesses all your contacts and sends them a similar fate.

It’s not to say that today’s event could have been avoided, someone found a loophole and abused it and the victim could have been even the most savvy of internet users. If any app ever requests permission to access sensitive information like your contacts, you should proceed with caution.


Source link

Post navigation