Header Ads

Google Docs phishing scam on Gmail: Here’s how to keep your account safe

Google Docs, Google Docs Phishing scam, Google, Gmail, Google Docs Phishing scam account, Google phishing scam, technology newsGoogle Docs phishing scam via Gmail: Here’s how to protect your account information from hackers. (Image source: Twitter)
There’s a sophisticated Google Docs phishing scam doing the rounds on the internet, and it’s best to keep your account safe. For those who don’t know, users are reporting of receiving a link which says that someone has shared a Google Doc file with them, except this isn’t a real Google Docs file, and a pretty smartly designed phishing attack. So what should you look out for to avoid losing important account information? We explain.
What’s this phishing scam?
Users are reporting of an email, usually sent from an odd-sounding email id, where it says someone has shared a Google Docs file with them. When you click on the link, and then it takes to you an apps permissions page. Essentially, this is similar to a permissions page when you authorize a legitimate app to use information from your Google account.
Except the app in this case is named Google Docs, and this is not the real Google Docs app. As a report from BuzzFeed points out, the app wants widespread permissions for your Google account, and this is pretty dangerous. Remember your Google account is linked to your Chrome login, your Google Docs, Google Drive, has your personal information, etc. If you’ve stored passwords to other sensitive information on your Chrome linked with Google account, then such a phishing attack puts all of this data at risk.
As Twitter user Zach Latta shared on his Twitter feed, the phishing link is pretty convincing.
Phishing (or malware) Google Doc links that appear to come from people you may know are going around. DELETE THE EMAIL. DON'T CLICK. pic.twitter.com/fSZcS7ljhu
The email claims to be from someone you know, someone in you contacts, but the email id gives away that this is a phishing scam. If you think only users in the US are facing the scam, people in our office has also got this ‘Google Doc’ link.
You’ve clicked on the link. Now how to protect your account?
You can always revoke access for this fake Google Docs app. Just go to the link myaccount.google.com/permissions (make sure it says HTTPS in front of the link). Out here, you will see links for all the app, which have access to your Google account. Just remove the Google Docs app from this list. This is not the actual Google Docs app.
Also go through this list carefully and see what apps have access to your Google account information. Apps, which you don’t remember authorising or the ones you are not using anymore, it is best revoke their access.
Google Docs team issued a statement on Twitter saying, “We have taken action to protect users against an email impersonating Google Docs and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”
A Google spokesperson was quoted by BuzzFeed as saying the phishing attack affected 0.1 per cent of a total of 1 billion Gmail users.
The search giant will now redirect users to different page when people click on malicious Docs link. They will be taken to a page that reads, “We’re sorry…but your computer or network may be sending automated queries. To protect our users, we can’t process your request right now.”
So what happens when you grant account access?
When you grant permission to an app or website to access your Google account it gets some information. Some apps might get specific information like Google Calendar, Contacts etc. Some get basic information like your name, age, and gmail address.
Full account access will let the app see and modify nearly all information in your Google Account. However it can’t change the password or delete your account. Google’s support page says this kind of access should only be given to apps that a user trusts completely.

Some apps get access to view basic profile information like name, email, gender, or country. Finally when read and write access is granted to app and sites, they can post about this on Google products you might be using.

No comments:

Powered by Blogger.