A massive phishing scam was launched overnight that gives attackers access to your Gmail account.
Join today and get instant access to all test results and research.
It works by sending you a fake email request from someone you know asking to collaborate on a Google document. The link takes you to a page that asks for permissions from your Google account. The trick is that it’s not sending you to a malicious site, it’s sending you to a web app — called Google Docs, though it is not made by Google — and it’s this application that’s giving the phishers access to your emails.
The reason this scam is so convincing is that the whole process looks completely legitimate. The links come from someone you know, go to a real Google page, and it all works inside Google’s systems.
You can get rid of the app by following these instructions:
At time of writing, it seems Google has locked this threat down. However, there are potentially a lot of users that may have been compromised.
So stay vigilant. Always ask why an app needs your information, even if they look legitimate, and don’t just blindly click “yes”.
By Hadyn Green
Thanks for requesting to reset your password. We've sent you an email with instructions on what you need to do. If you haven't received the email within the next five minutes please call us on 0800 266 786.
Sorry, the information you are trying to access is available to paying members only. Your membership helps us deliver our services and advocate for a fair deal for all New Zealand consumers.
Not a member yet? Avoid expensive mistakes and join more than 80,000 other savvy consumers making smart decisions.