Thursday, 4 May 2017

Scam targets GMail users🕵

There’s an incredibly dangerous Google Docs phishing scam sweeping through the internet today. It uses Google’s own Apps system to compromise email accounts, so thousands of users are falling victim to it.

For many the warning about the phishing scam targeting GMail users came too late. The email messages appeared harmless and many clicked the link, not suspecting they were under attack.

Brandon Joiner of Ribbit Computers explains that phishing scams involve sending out blast emails to tens of thousands of people.

"They are trying to see if they can hook anybody, or take the bait so to speak and click on the link. They are hoping to get personal information or credit card information at that time."

This phishing scam is particularly convincing because the emails appear to come from accounts you know.

Google confirms it is investigating what it calls a phishing email and is telling customers not to open their emails.

The company issued the following statement:

"We have taken action to protect users against an email impersonating Google Docs & have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail."

You can read the original post on how it works and how to avoid it, but that doesn’t really help if you’ve already clicked the link. Here’s how to fix the Google Doc hack, for anyone already compromised.

The Docs attack works by tricking you into authorising a fake app, called “Google Docs,” and allowing it to read, send and delete your emails. The kind of damage a hacker can do with that access is huge: most of your other accounts probably use Gmail as the “reset account” email, so it would theoretically let a hacker get control of your Apple, Amazon, Facebook and Twitter accounts — just for starters.

Luckily, because the hack uses Google’s own Apps system to gain control, it’s also easy to delete. Go to Google’s account management page, Sign-In and Security, and then Connected Apps. Once you’re there, hit the button that says “Manage Apps” to see the full list of apps and permissions.

You’re looking for one titled “Google Docs,” but this is a good opportunity to go through the list and delete anything you don’t recognize, or anything with permissions that are far too broad. Google is already taking steps to fix this attack, so if you don’t see the Google Docs app in the list, it means you’re probably safe.
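The review described above can also be scripted. This added example (not from the original article) checks an exported list of connected apps for names that imitate a Google product and for Gmail scopes that allow reading, sending or deleting mail. The record layout, the sample grants, the name list and the `audit_grants` helper are assumptions; the scope URLs are Google's published Gmail OAuth scopes.

```python
import unicodedata

# Google's published Gmail OAuth scopes and what each lets an app do.
RISKY_SCOPES = {
    "https://mail.google.com/": "read, send and permanently delete mail",
    "https://www.googleapis.com/auth/gmail.modify": "read, change and send mail",
    "https://www.googleapis.com/auth/gmail.readonly": "read all mail",
    "https://www.googleapis.com/auth/gmail.send": "send mail as the user",
}
# Assumption: product names a third-party app should not be using.
FIRST_PARTY_NAMES = {"google docs", "google drive", "gmail"}


def normalize(name):
    # Fold case, Unicode compatibility forms and spacing so that
    # variants such as "GOOGLE  docs" compare equal to "google docs".
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())


def audit_grants(grants, trusted_client_ids=frozenset()):
    """Return (displayText, clientId, reasons) for every grant worth reviewing."""
    findings = []
    for grant in grants:
        reasons = []
        imitates = normalize(grant["displayText"]) in FIRST_PARTY_NAMES
        if imitates and grant["clientId"] not in trusted_client_ids:
            reasons.append("name imitates a first-party product")
        for scope in grant.get("scopes", []):
            if scope in RISKY_SCOPES:
                reasons.append("can " + RISKY_SCOPES[scope])
        if reasons:
            findings.append((grant["displayText"], grant["clientId"], reasons))
    return findings


SAMPLE_GRANTS = [  # constructed records, not real client IDs
    {"displayText": "Google Docs", "clientId": "111-example",
     "scopes": ["https://mail.google.com/"]},
    {"displayText": "Example PDF Reader", "clientId": "222-example",
     "scopes": ["https://mail.google.com/"]},
    {"displayText": "Example Calendar Sync", "clientId": "333-example",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
]

if __name__ == "__main__":
    for name, client_id, reasons in audit_grants(SAMPLE_GRANTS):
        print(f"REVIEW {name} ({client_id}): " + "; ".join(reasons))
```

Anything the script lists should be checked by hand in the Connected Apps page and removed there if you do not recognize it.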

This attack was unusual for using Google’s own Apps framework to target users, but emails with links are not an unusual way to hack users. Nimrod Vax, the co-founder of security firm BigID and an expert on phishing attacks, described it as a “classic spear-phishing attack” that “works because it looks familiar.”

Going forward, he suggests using this opportunity to “really look at what permissions an app is asking for” — using Google’s account system was clever, but if you “look at permissions before you authorize an app, you can see if what they’re asking for is unusual. There’s no reason a PDF reader would need to read and delete emails.”

If you’ve been phished, change your passwords to something you have never used before. Ideally, your passwords should be long and should not be words that could be found in a dictionary. The first thing hackers do when breaking into a site is use computer programs that will try every word in the dictionary. Your email account is a ripe target for hackers because your inbox is the key to resetting the passwords of, and potentially breaking into, dozens of other accounts.


