Hackers have launched a sophisticated phishing attack against users of Google’s Gmail service. So be on the lookout for an invite to share a Google Docs document.
The good news? Google says it has moved quickly to protect customers.
“We have taken action to protect users against an email impersonating Google Docs and have disabled offending accounts,” a Google statement explains. “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”
We use Gmail through G Suite at Thurrott.com, and while I’ve not exactly experienced this scam, Brad has.
You can read more about the scam on Reddit. But the good news is that it appears to be over.
Here’s an updated statement from Google.
“We realize people are concerned about their Google accounts, and we’re now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1 percent of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There’s no further action users need to take regarding this event; users who want to review third-party apps connected to their account can visit Google Security Checkup.”
You may also recall that I documented basic online account security earlier this year.
<p>The important lesson here is that even if you use a cloud-only device such as the original Chromebook, you are still subject to being compromised. Of course Chromebooks that run Android apps expose users to even more issues.</p>