A new Google Docs phishing scam has arrived and it’s spreading way too fast!! Even though Google appears to be taking action to stop it, but in the meantime: be extra vigilant of Google Doc invites for now.
Several people online across a range of industries said they received emails containing what looked like a link to a Google Doc that appeared to come from someone they know. These, however, were malicious emails designed to hijack their accounts.
A Reddit user has a good breakdown of what happens exactly when you click on the Google Doc button. In a few words, when you click on the link, the login screen takes you to a genuine Google domain, but that domain asks you to grant access to an app called Google Docs that is not the real Google Docs. And the “Google Docs” app reads all your email and contacts, and then self-propagates by sending more emails.
If you have already clicked on such a link, or may have done, inform your workplace IT staff as the account may have been compromised. It has also been advised to those who have think they might have clicked it, that they should head to Google’s My Account page. Head to the permissions option and remove the “Google Doc” app, which appears the same as any other.
The hack doesn’t only appear to be affecting Gmail accounts but a range of corporate and business ones that use Google’s email service too.
No comments:
Post a Comment