Cyber crimes are increasing at a rapid pace. Hackers are waiting to get their hands on your private confidential data. From Miley Cyrus nude photo leak to innumerable phishing scams, cyber crimes are making our digital lives increasingly risky. Today’s Google Docs phishing scam is no exception. In case you have been hibernating, there was a massive wave of Google Docs phishing attacks today. Several users have reported that their Google account has been compromised.
Here’s what you can do if you got affected by Google Docs phishing attack
Today’s phishing scam is pretty simple and straightforward – an e-mail with an invitation to view Google Doc shared by someone in your contact list. Unsuspecting users, thinking the mail to be genuine, clicked on the link. They were then redirected to Google.com. The page requests permissions for the app to let the hacker allow access to your Gmail account.
Once you click on the Google Doc view link and grant permissions, your account is at the mercy of the hacker. This is one of the simplest phishing e-mail attacks in recent times. Many users mistook the mail to be genuine and authentic, since it looked like the mail had been sent by someone in their contact list. Cooper Quintin, staff technologist at Electronic Frontier Foundation said he received, within an hour, over 400 e-mails from people whose Google account had been compromised today.
“The attacker was then given permission to read all your emails, view your contacts and send emails on your behalf and delete emails in your inbox without ever having your login information. It’s totally unclear what this app was doing. We still don’t know what the purpose of this phishing campaign was.” said Cooper.
Google swiftly acted in response to the massive phishing attack and has disabled the phishing campaign completely. But if your account has been compromised by the attack, here’s what you can do –
- Head to Google account management page.
- Click on Google Docs app to opt to revoke permission for the app to access your account.
- Change your password.
- Finally, as a last measure, enable two-factor authentication on your account.
Two-factor authentication lets you receive a code on your verified phone number. With this, only the person with both the password and the code on your smartphone can access your account.
“We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail”, Google said in its statement.
Don’t forget to check: Steps To Take Right NOW To Protect Your Private Data