A massive, sophisticated phishing campaign has been shut down by Google after a large number of accounts were targeted, it is believed, Joinfo.com reports with reference to Metro.
The hack has been successful as it appears so genuine, posing as an email from someone you know inviting you to view a Google Doc.
Writer and professor Zeynep Tufecki tweeted a screenshot showing how easily people could be fooled into clicking on the link.
Phishing (or malware) Google Doc links that appear to come from people you may know are going around. DELETE THE EMAIL. DON’T CLICK. pic.twitter.com/fSZcS7ljhu
— Zeynep Tufekci (@zeynep) 3 мая 2017 г.
According to an analysis of the scam on Reddit, the message will have also been sent to the email address [email protected]. If you click ‘allow’, the attacker has succeeded in compromising your account. Cooper Quintin, a staff technologust at the Electronic Frontier Foundation said: “The attacker was then given permission to read all your emails, view your contacts and send emails on your behalf and delete emails in your inbox without ever having your login information.’ But if you didn’t click the link, didn’t open the email or deleted it, you won’t have been affected. If you think you were affected, log in to Gmail and revoke permission for Google Docs to access your account.
Phishing (or malware) Google Doc links that appear to come from people you may know are going around. DELETE THE EMAIL. DON’T CLICK. pic.twitter.com/fSZcS7ljhu
— Zeynep Tufekci (@zeynep) 3 мая 2017 г.
Find out if your account has sent any spam emails by clicking on your ‘sent’ folder, and if so, follow them up with real messages advising your contacts not to open the messages.
Then change your password and enable two-factor authentication for added security.