A massive phishing scam was launched overnight that gives attackers access to your Gmail account.
Join today and get instant access to all test results and research.
It works by sending you a fake email request from someone you know asking to collaborate on a Google document. The link takes you to a page that asks for permissions from your Google account. The trick is that it’s not sending you to a malicious site, it’s sending you to a web app — called Google Docs, though it is not made by Google — and it’s this application that’s giving the phishers access to your emails.
The reason this scam is so convincing is that the whole process looks completely legitimate. The links come from someone you know, go to a real Google page, and it all works inside Google’s systems.
You can get rid of the app by following these instructions:
At time of writing, it seems Google has locked this threat down. However, there are potentially a lot of users that may have been compromised.
So stay vigilant. Always ask why an app needs your information, even if they look legitimate, and don’t just blindly click “yes”.
By Hadyn Green