10/10/2023 0 Comments Fake google docs sign in pageThis attack did not trick users in a traditional way which would take you to a fake Google page and steal your password instead it leveraged the existing Google login system and asked for your permission to gain access to your account. You should also learn that a genuine Google Docs invitation link doesn’t require permission to access your Google account. Ask them not to click on the link to prevent further damages. – Then, inform those who have received phishing emails sent from your compromised account. – Remove the permission given to the malicious app from your account settings page right away. However, you may still wonder what you should do if you have clicked on the malicious link in such phishing scam. ![]() Thankfully, after receiving the report, Google has resolved this issue within hours by removing the fake pages and pushing updates to Safe Browsing, Google’s malicious site monitoring service. What to do if I have clicked the malicious link in the phishing mail? Once your Gmail account was hacked, the attacker could use it to send password reset requests and thus gained control over all of your connected accounts.Īdditionally, since the attacker could access all mails in an affected account, they may also read messages in the mailbox and invade your privacy. You may link your Google account to other online services just like what many people do. Not just your Google account but all services linked to it were in danger This trick made the fake emails more convincing and thus more people would fall victim to the scam. If you clicked “allow”, the attacker could get full access to your Gmail and send phishing Google Docs links to your contacts on your behalf. Unless you happened to click “Google Docs” and found out the developer of this web app was a random Gmail account rather than an official email from Google teams, it was almost impossible not to grant permission at the moment. ![]() Once hitting the button, you would enter a REAL Google account sign-in screen that asked you to “continue to Google Docs.”Īfter you chose an account to continue, you would see a page that shows “Google Docs would like to read, send and delete emails, as well as access to your contacts” to acquire your permission. Despite that Google has resolved the issue speedily, this scam is still worth our attention.Ī phishing scam using the real Google login systemĪs detailed on Reddit, the target would first receive an email saying “(the sender) has shared a document on Google Docs with you” with an “Open in Docs” button. You can sign-up for Google’s two-factor here.įinally, if you did click on the nasty link, you can go to your Google account settings here, which will allow you to revoke access to apps-including the fake Google Docs one.A sophisticated Google Docs phishing scam just swept the Internet. That’s because the two-factor system will ask for a second code (usually a code sent by text message) if Gmail detects someone is trying to log-on from a strange computer. If you haven’t already, make sure you have two-factor authentication set up on your Google accounts.ĭoing will help ensure that, even if hackers do trick you out of your password, they will likely be unable to use it. But there is a very good way to protect yourself. If all of this feels frightening, well, it sort of is. As my colleague Robert Hackett reported in January in the article Everyone is falling for this frighteningly effective Gmail scam, hackers (usually posing as a trusted contact) have been sending around booby-trapped documents that look like ordinary PDFs. It seems such scams targeting Google accounts are becoming more common in recent months. ![]() The counter-measures Google described are likely to stop the spread of the phishing attack but, as one security expert points out, the attacker has already had time to harvest millions of email addresses via victims’ Gmail contact lists.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |