Thursday, 04 May 2017 09:09

This sophisticated phishing scam has the entire internet terrified

A dangerous email phishing scam is doing the rounds today. Employees at multiple organizations that use Google for email, as well as thousands of personal Gmail customers, are all reporting the same scam.

It starts with an email from a known contact, which says that the person has shared a Google Doc with you. You’re invited to click the link to open, which redirects you to a legitimate Google sign-in page. You’re prompted to select one of your Google accounts (remember: this is all using Google’s normal sign-in system), and then authorize a legit-looking app called “Google Docs” to manage your emails.

That’s how the scam works: the app called “Google Docs,” which requests permission to read, send and delete emails, isn’t really a Google app. Rather, it’s an app controlled by the hackers. It seems that once it has permission to manage your email, it secretly sends out a bunch of emails to all your contacts, with the same phishing link.

@zeynep Just got this as well. Super sophisticated. pic.twitter.com/l6c1ljSFIX— Zach Latta (@zachlatta) May 3, 2017

Once the hackers have control of your Gmail account, the possibilities are scary. Personal and business email accounts are commonly used as the recovery email on a number of digital accounts, which means that hackers could potentially get control over your Apple, Amazon, Facebook, Twitter or personal Google account. Anything linked to a compromised Gmail account is potentially at risk.

To protect yourself, the most obvious thing to do is to delete any email about a shared Google Doc, unless you can personally verify with the sender that it’s not a phishing email. If you already clicked on the link, you should set up two-factor authentication, using a cell phone number, on any critically important account.

You can also remove permissions for the fake “Google Docs” app from your Google account. Go to myaccount.google.com, open Sign-In and Security, and then Connected Apps. From there, look at the list of connected apps, and ensure that anything you don’t recognize is deleted.
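For anyone reviewing connected apps across many accounts, the same check can be scripted. The following is an added example, not part of the original article: it flags any app outside a trusted list that borrows a Google product name or holds a Gmail OAuth scope. The record fields, client IDs, app names and the trusted list are constructed assumptions; the scope URLs are Google's published ones.

```python
import unicodedata

# Gmail OAuth scopes that allow reading, sending or deleting mail.
MAIL_SCOPES = {
    "https://mail.google.com/",                       # full mailbox access
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/gmail.readonly",
}
# Names an impersonating app is likely to borrow (assumed list, extend as needed).
PROTECTED_NAMES = ("google", "gmail")

def normalize(name):
    """Fold case, compatibility forms and spacing so 'Google  DOCS' == 'google docs'."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())

def audit_grant(grant, trusted_client_ids):
    """Return (severity, reasons) for one connected-app record."""
    if grant["client_id"] in trusted_client_ids:
        return "ok", []
    reasons = []
    if any(p in normalize(grant["display_name"]) for p in PROTECTED_NAMES):
        reasons.append("unverified app uses a Google product name")
    mail = sorted(MAIL_SCOPES & set(grant["scopes"]))
    if mail:
        reasons.append("mail access: " + ", ".join(mail))
    # One signal warrants a manual look; both together match the scam described above.
    severity = {0: "ok", 1: "review", 2: "revoke"}[len(reasons)]
    return severity, reasons

# Constructed sample data: client IDs and app names are placeholders.
TRUSTED = {"trusted-first-party.example"}
GRANTS = [
    {"client_id": "trusted-first-party.example", "display_name": "Google Docs",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"client_id": "unknown-app-1.example", "display_name": "Google Docs",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts"]},
    {"client_id": "unknown-app-2.example", "display_name": "Mail Sorter",
     "scopes": ["https://www.googleapis.com/auth/gmail.readonly"]},
    {"client_id": "unknown-app-3.example", "display_name": "Photo Frames",
     "scopes": ["https://www.googleapis.com/auth/userinfo.email"]},
]

if __name__ == "__main__":
    for g in GRANTS:
        print(g["client_id"], *audit_grant(g, TRUSTED))
```

The display name alone proves nothing, since the first and second records both read “Google Docs”; the verdict rests on the client ID and the scopes granted.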

This article was published on bgr.com by Chris Mills.
