Here's what to do if you’ve been affected by the massive Google Doc hack
There is a massive, sophisticated phishing campaign that has been shut down by Google after a large number of accounts were targeted, it is believed.
This hack has been successful as it appears so genuine, posing as an email from someone you know inviting you to view a Google Doc. Writer and professor Zeynep Tufecki tweeted a screenshot showing how easily people could be fooled into clicking on the link.
According to an analysis of the scam on Reddit, the message will have also been sent to the email address hhhhhhhhhhhhhhhh@mailinator.com.
If you click ‘allow’, the attacker has succeeded in compromising your account.
Cooper Quintin, a staff technologust at the Electronic Frontier Foundation, told Recode: ‘The attacker was then given permission to read all your emails, view your contacts and send emails on your behalf and delete emails in your inbox without ever having your login information.’
But if you didn’t click the link, didn’t open the email or deleted it, you won’t have been affected.
If you think you were affected, log in to Gmail and revoke permission for Google Docs to access your account.
Find out if your account has sent any spam emails by clicking on your ‘sent’ folder, and if so, follow them up with real messages advising your contacts not to open the messages.
Then change your password and enable two-factor authentication for added security.
In a statement posted on Twitter, Google said: ‘We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts.
‘We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.’
Post a Comment