Google Warns of Wide-Spread Phishing Scam That Can Steal Your Account Info

If you get a request to view or edit a Google Docs file, you should really consider whether you really want to before clicking any links. Google is reporting an ongoing wide-spread phishing scam that will not only give cybercriminals your Google login information, but will also spam your contacts and give them access to your email.

If you have already clicked something, there is some recourse. First, change your Google password and enable multifactor authentication (MFA) if you haven’t already done so. Then, go into the Connected Apps and Sites section and revoke edit access to Google Docs to the unfamiliar account.

The link in the phishing email takes users to a login screen that looks very realistic. However, it grants access to a malicious third-party web app that is named “Google Docs.” That is where access to your account is given to the cybercriminals.

The difference between this phishing scam and others is that it takes advantage of the ability to create non-Google web apps with bogus names.

Google has disabled the offending accounts, according to a statement. It also released an update that it disabled the application as well, but still advises users not to click on links for the time being. More investigations are ongoing in an attempt to get to the bottom of it.

© Copyright 2017 Stickley on Security