1. Beware! Gmail scam can steal your email data; here’s how to fix Google Docs issue that gives your personal info to hackers

Beware! Gmail scam can steal your email data; here’s how to fix Google Docs issue that gives your personal info to hackers

If someone from your contact list is sending you emails as an invitation to edit a file on Google Docs, beware, it may be a phishing scheme spam.

By: | Published: May 4, 2017 12:10 PM
gmail, google, gmail error, gmail issue, google error, google issue, google blog, gmail blog, gmail account, gmail log in, gmail account log in, gmail sign in, gmail account sign in, email sign in, gmail news, google news Google has warned users about opening emails from contacts which ask them to click on a link to Google Docs. Social media has been abuzz with complaints that their accounts had been hacked.

If someone from your contact list is sending you emails as an invitation to edit a file on Google Docs, beware, it may be a phishing scheme spam. In the attack, you might get an emailed invitation from someone you may know, which can take you to an actual Google sign-in page. The page might then show a dialog box which says ‘continue to Google Docs.’ But this is where the problem lies. ‘Google Docs’ is merely the name of an unknown third-party application which could be used by hackers to obtain access to your email data.

Google has warned users about opening emails from contacts which ask them to click on a link to Google Docs. Social media has been abuzz with complaints that their accounts had been hacked. Meanwhile, Google Docs, from its Twitter account wrote: “We are investigating a phishing email that appears as Google Docs. We encourage you to not click through and report as phishing within Gmail.”

The basic difference between a normal email phishing scam and this type of an attack is that, while the former takes you to a fake page (easily recognisable from the URL address), the latter works inside the Google system. The phishers basically misuse the loophole where a non-Google app can be created with dummy names. So, if you have already clicked such a link, your Gmail account could have sent spam messages to most of your acquaintances in the contact list. Yet future access can be revoked using Google’s ‘Connected Apps and Sites’ option. It is also imperative that you inform anyone who had sent you the email, that their Gmail account is compromised.

Google has said, “We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts.” It added: “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”

While Google has said that it had resolved the phishing attack issue, it is unclear what or who caused it; nor do we know how far it has spread. Also, you should know, that since Google has removed the name Google Docs from the phishers, they may still be present under the name: ‘apps.googleusercontent.com’.

Here are a few points about the attack:

1. It uses the usual Google login system.
2. It works under the name “Google Docs”
3. The attack can only be recognised as fraud if you click “Google Docs” and also grant permissions.
4. The phishing attack replicates itself and sends similar texts to all your contacts.
5. It bypasses all 2-factor authentication as well as login alerts.
6. Scam emails could be sent to anyone you have ever emailed using the ID.

  1. No Comments.

Go to Top