17may scam gives access to your gmail account hero default

Scam gives access to your Gmail account

A massive phishing scam was launched overnight that gives attackers access to your Gmail account.

×

Choose what’s right for you with confidence

Join today and get instant access to all test results and research.

It works by sending you a fake email request from someone you know asking to collaborate on a Google document. The link takes you to a page that asks for permissions from your Google account. The trick is that it’s not sending you to a malicious site, it’s sending you to a web app — called Google Docs, though it is not made by Google — and it’s this application that’s giving the phishers access to your emails.

The reason this scam is so convincing is that the whole process looks completely legitimate. The links come from someone you know, go to a real Google page, and it all works inside Google’s systems.

You can get rid of the app by following these instructions:

  • Under Sign-in & Security, click “Connected apps and sites” and then “Manage Apps”

  • There you’ll be able to manage the permissions you've granted to apps.
  • Locate the "Google Doc" app. The malicious app will have a recent "Authorization Time" so you can tell which is which.
  • Click on the Google Docs app and click Remove.
  • Then change your Google password.

At time of writing, it seems Google has locked this threat down. However, there are potentially a lot of users that may have been compromised.

So stay vigilant. Always ask why an app needs your information, even if they look legitimate, and don’t just blindly click “yes”.


By Hadyn Green
Technology Writer


Archive promo default

News, opinion and recalls

Want to see more articles like this? See our full lists of news, opinion and recalls.

Read more

×

Password reset.

Thanks for requesting to reset your password. We've sent you an email with instructions on what you need to do. If you haven't received the email within the next five minutes please call us on 0800 266 786.

Thanks

We just need to verify that this email address belongs to you. Please check your inbox. There should be a message from us where you can verify and activate your account.