Phish­ing scam hits Google Docs

Web User - - Need To Know -

What hap­pened?

A phish­ing at­tack hit Google’s au­then­ti­ca­tion sys­tem by send­ing users an email con­tain­ing a fake Google Docs shar­ing link. If vic­tims clicked the link, the at­tacker in­stalled a web app via Google’s au­then­ti­ca­tion sys­tem, which asked for per­mis­sions such as read­ing your email and man­ag­ing your con­tacts. The dodgy app could then grab data in­clud­ing your con­tacts list, which could be ex­ploited to fur­ther spread the at­tack.

In re­sponse, Google blocked the dodgy app and re­vealed a new warn­ing tool that dis­plays a mes­sage to Gmail users on An­droid smart­phones when they’re about to click a link that goes to a known ma­li­cious site.

How will it af­fect you?

Although Google acted quickly to halt the phish­ing scam, more such ploys are bound to fol­low be­cause the tech­nique be­hind the at­tack re­mains open to abuse. That means you should be care­ful when open­ing links pur­port­ing to share Google Docs, and only click them if you’re sure they are safe. Be­cause the link may ap­pear to be com­ing from a known con­tact, it would be worth check­ing with that per­son first be­fore click­ing to open the link.

You should also check to see whether you have any un­ex­pected apps au­tho­rised in Google. To do this, head to the My Ac­count sec­tion of your Google pro­file and, un­der Sign-in & Se­cu­rity, click ‘Con­nected apps & sites’. You can then view the apps that are con­nected to your ac­count, and re­move any you no longer need or don’t recog­nise.

What do we think?

Google needs to do more than take out this spe­cific at­tack, it needs to pre­vent sim­i­lar ones from hap­pen­ing in the fu­ture. The warn­ing mes­sage is a use­ful tool, but past per­for­mance shows that many peo­ple will likely ig­nore it and click through to the dodgy site any­way.

In the mean­time, as usual, make sure any­one you know who isn’t as tech savvy as you is aware of this type of at­tack. You can also run a se­cu­rity check of your Google ac­counts at g.co/se­cu­ri­ty­checkup.

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.