Home > Security & Privacy
Beware Phishing Emails Posing As Google Docs Invites (Updated)
Weerapatkiatdumrong via Getty Images
May 4th, 2017 | 10:24 AM | 1244 views
ENGADGET.COM
Someone is trying to hijack email accounts on a grand scale.
If you received an out-of-the-blue email purporting to share a Google Docs file, you're not alone -- and whatever you do, don't click the link inside. Many people online, including more than a few journalists, have been bombarded with phishing emails (currently from a mailinator.com account) that try to trick you into opening a fake Google Docs link. If you click through and grant a bogus "Google Docs" app access to your Google account, the perpetrators can get into your email. And of course, havoc follows after that -- the app spams email to everyone you've ever messaged, and bypasses Google's usual login alerts (including for two-factor authentication).
There have also been reports of Google Drive struggling at the same time, although it's not certain the two are related. Drive was up and running as we wrote this.
It's not certain who's behind the phishing attempt, or just what the fake Google Docs app is doing. We've reached out to Google for more. However, the company already says it's investigating the scam. The one thing that's for certain is the sheer scale and effectiveness of the attack. Both the email and the web pages look very legitimate, so it's all too easy for even seasoned internet users to fall prey to the attack. It could be a while before we know the full extent of the damage.
Update: Google tells Engadget that it has taken down the responsible accounts, pulled fake pages and delivered relevant Safe Browsing updates. Also, it's taking steps to prevent a repeat of this incident. You can read its full statement below.
"We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We've removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail."
Source:
courtesy of ENGADGET
by Jon Fingas
If you have any stories or news that you would like to share with the global online community, please feel free to share it with us by contacting us directly at [email protected]