A phishing scam last week briefly imitated Google Docs, compromising around a million Gmail accounts in a few hours.
The source of the attack was an app called ‘Google Docs’ that had no affiliation with Google. The criminals sent emails telling recipients that one of their contacts had shared a file with them on Google Docs.
When users clicked the link in the email, they were redirected to Google's OAuth consent interface, which is exactly what users would expect after receiving a genuine sharing email from Google. OAuth is a standard that lets Internet accounts at services such as Google, Twitter and Facebook grant access to third-party apps.
The consent page (Google's own, but presented on behalf of the fake app) asked users for permission to “Read, send, delete, and manage” their Gmail and to manage their contacts. Granting those permissions gave the criminals complete access to everything in the user's account, which was the real intent of the attack.
As the attack spread rapidly, Google became aware of the scam after the emails had been circulating for about three hours and, to its credit, resolved the issue within an hour.
Google acknowledged that 0.1% of Gmail accounts were compromised before the scam was shut down. With Gmail at more than 1 billion active users, according to Google's 2016 earnings call, that is around 1 million people.
Because the criminals could read the email addresses of everyone the user had corresponded with, they used those addresses to spread the campaign rapidly.
Protecting against phishing scams
Google is advising users to check their account settings for any third-party apps that look suspicious and to revoke the access of any app they do not recognise. Users can also proactively run a Google security check-up.
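The check described above, and the scope grant described earlier in the article, can be made concrete. The following is an added example, not code from the article or from Google: it parses the scopes in an OAuth consent link of the kind the phishing email pointed at, and triages a list of third-party grants (the sort of listing a user sees on the account's third-party access page, or an admin sees in a token audit) by the permissions each app holds and by whether its name impersonates a Google product. The scope URIs are Google's documented Gmail and People API scopes; the sample URL, client IDs and grant records are constructed for the example, and the rule that a genuine Google product never appears as a third-party grant is an assumption made here.

```python
"""Triage of OAuth consent requests and existing third-party grants.

Added example (not from the article or Google): given the scopes a third-party
app asks for, or already holds, flag grants that would let it read, send and
delete mail and harvest contacts. Scope URIs are Google's documented Gmail and
People API scopes; the sample URL and grant records below are constructed.
"""
from urllib.parse import urlparse, parse_qs

# Scope -> (severity, what it lets the app do). Google-documented scope URIs.
RISKY_SCOPES = {
    "https://mail.google.com/": ("critical", "full mailbox: read, send, delete, manage"),
    "https://www.googleapis.com/auth/gmail.modify": ("high", "read, send and label mail"),
    "https://www.googleapis.com/auth/gmail.send": ("high", "send mail as the user"),
    "https://www.googleapis.com/auth/gmail.readonly": ("medium", "read all mail"),
    "https://www.googleapis.com/auth/contacts": ("high", "read and write contacts"),
    "https://www.googleapis.com/auth/contacts.readonly": ("medium", "read contacts"),
}
SEVERITY_RANK = {"critical": 3, "high": 2, "medium": 1, "low": 0}

# Brand words a third-party app has no business carrying in its display name.
# Assumption for this example: Google's own products never show up as
# third-party grants, so a third-party app named like one is impersonating it.
BRAND_WORDS = ("google", "gmail", "docs", "drive")


def parse_consent_request(url):
    """Extract client_id, redirect_uri and the scope list from a Google OAuth
    authorization URL. The scope parameter is a space-separated list."""
    q = parse_qs(urlparse(url).query)
    return {
        "client_id": q.get("client_id", [""])[0],
        "redirect_uri": q.get("redirect_uri", [""])[0],
        "scopes": q.get("scope", [""])[0].split(),
    }


def assess(app_name, scopes):
    """Return (severity, reasons) for one app given its display name and scopes."""
    reasons = []
    worst = "low"
    for s in scopes:
        if s in RISKY_SCOPES:
            sev, what = RISKY_SCOPES[s]
            reasons.append(f"{what} ({s})")
            if SEVERITY_RANK[sev] > SEVERITY_RANK[worst]:
                worst = sev
    name = app_name.lower()
    if any(w in name for w in BRAND_WORDS):
        reasons.append(f"third-party app name {app_name!r} impersonates a Google product")
        if SEVERITY_RANK["high"] > SEVERITY_RANK[worst]:
            worst = "high"
    return worst, reasons


def triage_grants(grants):
    """Rank {'app_name', 'client_id', 'scopes'} records, worst first; apps with
    nothing to flag are omitted."""
    findings = []
    for g in grants:
        sev, reasons = assess(g["app_name"], g["scopes"])
        if reasons:
            findings.append({"app_name": g["app_name"], "client_id": g["client_id"],
                             "severity": sev, "reasons": reasons})
    findings.sort(key=lambda f: SEVERITY_RANK[f["severity"]], reverse=True)
    return findings


# Constructed sample: a consent link of the kind the phishing mail pointed at.
# The client_id and redirect_uri are placeholders, not the attacker's values.
SAMPLE_CONSENT_URL = (
    "https://accounts.google.com/o/oauth2/auth?response_type=code"
    "&client_id=000000000000-example.apps.googleusercontent.com"
    "&redirect_uri=https%3A%2F%2Fexample.invalid%2Fcallback"
    "&scope=https%3A%2F%2Fmail.google.com%2F+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcontacts"
)

# Constructed sample of what a third-party-access listing might contain.
SAMPLE_GRANTS = [
    {"app_name": "Google Docs", "client_id": "000000000000-example.apps.googleusercontent.com",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
    {"app_name": "Calendar Sync Helper", "client_id": "111111111111-example.apps.googleusercontent.com",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"app_name": "Mail Merge Tool", "client_id": "222222222222-example.apps.googleusercontent.com",
     "scopes": ["https://www.googleapis.com/auth/gmail.send"]},
]

if __name__ == "__main__":
    req = parse_consent_request(SAMPLE_CONSENT_URL)
    print("consent request asks for:", req["scopes"])
    for f in triage_grants(SAMPLE_GRANTS):
        print(f"[{f['severity']}] {f['app_name']} ({f['client_id']})")
        for r in f["reasons"]:
            print("   -", r)
```

The point of the two checks is that neither the URL bar nor the look of the consent page distinguishes this attack from a legitimate share: the page is genuinely Google's. What does distinguish it is the combination of a third-party app carrying a Google product name and a scope list that amounts to full mailbox plus contacts access, which is what the function flags as critical. A read-only calendar scope is left unflagged, and a single send-mail scope on a plainly named app is ranked high rather than critical, so the listing can be worked top-down.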
Many phishing attacks and malware infections begin with links or attachments sent by email, so take great care with any email that tries to redirect you to another destination.