Google has issued a warning to all Gmail account users regarding a sophisticated online scam targeting the Google Docs platform in the form of emailed fake links.
These “phishing” attacks involve harmful emails disguised as messages from user’s existing contacts, widely affecting institutions and journalists as of Wednesday.
“We are investigating a phishing email that appears as Google Docs. We encourage you to not click through, & report as phishing within Gmail,” Gmail announced via its official Twitter account.
Initially, the widespread scope of this spam campaign remained unclear.
Multiple reporters stated they had received messages from known contacts delivered to “[email protected]” with their personal emails copied into the message.
When clicked, the link sent users to a webpage that appeared legitimate at first glance, requesting to provide Google Docs with access to personal contacts and emails.
By Wednesday afternoon, Google posted an official statement claiming that the issue had been resolved:
“We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts,”
“We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.”
Although phishing scams may not be a new phenomenon, the manner of this week’s widespread attacks was certainly unexpected.
Mike Rogers, a previous FBI Agent and author of a Daily News segment called World War E discussed cyber security issues such as these indicating, “spear-phishers can trick even the most sophisticated users.”
“Hackers will troll your social media accounts, use the deep and dark web to acquire information and then tailor that message just to you,” Rogers pointed out in one of his videos.
He warned against clicking on links that were received from any suspicious source, and that if users feel they have somehow been compromised, they should immediately notify their banks, request a full credit report, and most importantly, change all previous passwords associated with their accounts.