Gmail phishing attack: Google email users hit by massive scam sweeping web - here's what you can do
A huge scam is sweeping the web and anyone with a Gmail account may be vulnerable.
Huge numbers of people may have been compromised by the phishing scam that allows hackers to take over people's email accounts.
Now is a really good time to go through the apps you've authorized to access your Gmail account. https://t.co/35FkjCb8p9— Parker Higgins (@xor) May 3, 2017
It's not clear who is running the quickly spreading scam or why. But it gives people access to people's most personal details and information, and so the damage may be massive.
The scam works by sending users an innocent looking Google Doc link, which appears to have come from someone you might know. But if it's clicked then it will give over access to your Gmail account — and turn it into a tool for spreading the hack further.
As such, experts have advised people to only click on Google Doc links they are absolutely sure about. If you have already clicked on such a link, or may have done, inform your workplace IT staff as the account may have been compromised.
The hack doesn't only appear to be affecting Gmail accounts but a range of corporate and business ones that use Google's email service too.
If you think you may have clicked on it, you should head to Google's My Account page. Head to the permissions option and remove the "Google Doc" app, which appears the same as any other.
You'll be able to tell if it is the malicious app if it has a recent authorisation time.
That app has full access to a person's Google account as well as being able to send emails that appear to be from them, making the attack especially dangerous.
The email itself comes addressed to firstname.lastname@example.org — which is the only way to know that the email is malicious. They otherwise look completely legitimate, including the account in the "from" field.
If you haven't yet clicked the link
First, it's worth making sure you haven't. If there's any chance that you might have done – which is to say, if you've opened any Google Docs links recently – then you should assume that you might be affected and follow the relatively simple steps below.
But if you definitely haven't, then the main thing to do is to remain vigilant.
First, don't click on any Google Docs links that you're not absolutely certain are legitimate – confirm through some other means with the person sending them that they intended to. If you don't ever click on such a link, then you can't fall victim to one.
And make sure that everyone else you know is vigilant about such scams, too. Also remember that if they are, they probably won't be opening any Google Docs invites you send them – if you need to share something, either let them know an invite is coming or preferably send it through some other means for now.
If you think you might have clicked the link
Firstly, don't panic. The potential effects of the scam are huge – but it's also relatively easy to undo much of the damage.
If there's any chance that you think you might have been hacked, then follow the steps below. There's no danger done by doing so even if you haven't in fact become part of the attack.
Now head to Google's My Account page, and head to the app permissions options. You'll be looking to remove the very bad but legitimate looking "Google Doc" from having any permissions – if it's there, and has a relatively recent authorised date, then you know that something's up.
Once it's kicked out of your account, the control the scam has over your account will be stemmed – it will no longer be able to read your email or send out the invites.
But its aftereffects may continue. And so you should do what you can to prevent those, too.
First, inform anyone that is in control of your network. In most workplaces and universities hit by the attack – which is targeting corporate email accounts using Google software as well as Gmail ones – there will be someone in IT or the network team who can help and ensure that the institution's computers are kept safe.
Second, get in touch with anyone you think you might have secretly sent the link to and share this article with them, to ensure that they too can stay safe. Don't spam your contacts, of course – but make sure that they are safe.
Independent News Service