If you have a Gmail account, beware of the most recent phishing scam that targeted roughly 1 billion Gmail users worldwide. This new scam compromises your email account and can give hackers complete access and control of your Gmail account and to all of your personal details and information.
The scam starts by sending Gmail users an innocent looking Google Doc link that appears to come from someone trusted in your contacts. If you click this link, it will give the hacker full access to your Google account. This means, that they can send emails on behalf of you, and can enable password-reset requests for other accounts and services, such as Amazon, Facebook, or banking accounts.
If the link to the Google Doc is clicked, it takes you to a real Google security page, and users are asked to give permission to this fake app that poses as Google Docs but is really designed to manage your email account. Once one account is affected, the scam will also send itself out to all of your contacts.
We are investigating a phishing email that appears as Google Docs. We encourage you to not click through & report as phishing within Gmail.
— Google Docs (@googledocs) May 3, 2017
Google stated that it disabled the malicious accounts, and pushed updates to all users. They said that the vulnerability was exposed to 0.1 % of Gmail users, which are still approximately 1 million users.
This scam is especially dangerous because both the email and link looks remarkably realistic and it appears to come from someone that the user already knows and trusts. Although the email looks legitimate, there is one giveaway that will alert you and help you to avoid the scam. In the main recipient field, the email was sent to [email protected]. Your email address would have been included in only the BCC field.
If you received this email, it’s best to report it as phishing by clicking the arrow beside the reply button, “Report Phishing”. Then you should delete it. If you by accident clicked on the malicious link, do not grant permission to the Google Docs app. If you have already clicked on the link and granted the app permission, go to your Google connected sites console and immediately revoke access to Google Docs. You should also revoke access to any app listed there that you don’t recognize. Lastly, you should be sure to also change your password to something very secure.
Always ensure you’re protected from phishing scams and get the ZoneAlarm Anti-Phishing solution that will always protect you from phishing scams and put your security first. The best thing to do to ensure you’re safe is to only click on Google doc links that you’re absolutely sure you’re expecting. It’s recommended to even contact your friend to ensure that it was really them that sent it to you.