Google’s Gmail service was hit by a major phishing attack just last month.
Gmail users received messages from someone posing as one of their contacts in which they were invited to work on a shared Google Docs file.
Once the victim clicked on the link, they were asked to log in using their account.
When the user complied, the fake Google Docs application then requested access to the user’s other Google accounts.
It is worth noting that the malware does not ask for the user’s password, appearing to bypass Google’s two-factor authentication and sign-in alert notification features.
If successful in hijacking an account, the malware will then scan through the contacts list and attempt to infect them as well.
The malware is also believed to have the capability to access messages and other accounts and services linked to the infected Google account.
The malware messages were sent using Mailinator, a free, disposable email service anyone can register with. The emails were addressed to ‘firstname.lastname@example.org’, with the victims in the BCC field.
Google admitted that the phishing attack has affected their users and warned the public about the scam.
The team behind Google Docs said they were able to remove the fake pages spawned by the phishing attack while also updating their safe browsing features.
If you (or someone you know) were infected by this malware, go to your account page and manage the permissions you granted to apps. Once you see “Google Doc” in the list, click on it and choose “Remove”.
The app might seem like the real thing, but it actually is not. Checking its “Authorization Time” will show a recent time and date, indicating when your account was presumably hijacked.
Users who think they might have clicked on a link that fits the description of the Gmail malware attack should go to their security checkup page to remove apps they do not recognise.
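The permission review described above can also be scripted over an exported list of app grants. The following is an added example, not code from Google or from the original article; the record fields (`name`, `authorized_at`, `access`), the access labels and the sample data are constructed assumptions.

```python
import unicodedata
from datetime import datetime, timedelta, timezone

# "Google Doc" is the app name the article reports; the plural is a guessed variant.
IMPERSONATED_NAMES = {"google doc", "google docs"}
# Hypothetical access labels covering what the article says the app could reach.
SENSITIVE_ACCESS = {"mail", "contacts"}

def normalize(name):
    """Fold case, width variants and extra spaces so look-alike spellings match.
    Cross-script homoglyphs (e.g. Cyrillic letters) are not handled here."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())

def review_grants(grants, suspected_click, window=timedelta(hours=24)):
    """Return [(app name, [reasons])] for grants needing review, most reasons first."""
    findings = []
    for grant in grants:
        reasons = []
        if normalize(grant["name"]) in IMPERSONATED_NAMES:
            reasons.append("name imitates a Google product")
        if abs(grant["authorized_at"] - suspected_click) <= window:
            reasons.append("authorized close to the suspected click")
        if SENSITIVE_ACCESS & set(grant["access"]):
            reasons.append("can reach mail or contacts")
        if reasons:
            findings.append((grant["name"], reasons))
    findings.sort(key=lambda item: -len(item[1]))  # stable: ties keep input order
    return findings

# Constructed sample data: not a real export format and not real apps.
UTC = timezone.utc
SAMPLE_GRANTS = [
    {"name": "Calendar Sync", "authorized_at": datetime(2022, 6, 1, 9, 0, tzinfo=UTC),
     "access": ["calendar"]},
    {"name": "Old Mail Client", "authorized_at": datetime(2021, 3, 2, 8, 0, tzinfo=UTC),
     "access": ["mail"]},
    # Full-width "G" and a doubled space: a look-alike of the reported name.
    {"name": "\uff27oogle  Doc", "authorized_at": datetime(2024, 1, 10, 14, 5, tzinfo=UTC),
     "access": ["mail", "contacts"]},
]
SUSPECTED_CLICK = datetime(2024, 1, 10, 14, 0, tzinfo=UTC)

if __name__ == "__main__":
    for name, reasons in review_grants(SAMPLE_GRANTS, SUSPECTED_CLICK):
        print(f"REVIEW {name!r}: " + "; ".join(reasons))
```

A grant flagged for only one reason, such as a long-standing mail client, is a prompt for a manual look rather than proof of compromise.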
Google released a statement, saying, “We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts.”
They added that they had removed the fake pages, pushed updates through Safe Browsing, and were working on preventive measures against future attacks. They also encouraged the public to report any phishing or malware attacks they encounter.
Google also reported that they were able to contain the phishing attack within an hour of it happening and that less than 0.1% of their users were infected, which works out to about 1 million victims.