GOOGLE HAS SHEEPISHLY CONFIRMED that millions of Gmail users were the target of a global phishing attack that spread rapidly on Wednesday.
The phishing campaign aimed to gain control of Gmail users' entire email histories by spreading a worm to all of their contacts via an emailed invitation asking them to check out an attached "Google Docs", or GDocs, link. The invitation not only appeared genuine but also came from a trusted contact.
Users who clicked the link were taken to a real Google security page, where they were asked to grant the fake app, posing as GDocs, permission to manage their email account. The worm then sent itself to all of the affected user's contacts, reproducing itself hundreds of times each time the link was clicked.
Google recognised the phishing scam on Wednesday and warned users to be vigilant.
We are investigating a phishing email that appears as Google Docs. We encourage you to not click through & report as phishing within Gmail. — Google Docs (@googledocs) May 3, 2017
Enterprise security firm Agari warned that this type of attack is "different and scary" because of its ability to evade common defences and make use of Google APIs to trick users into granting access.
"The attack didn't directly try to steal usernames and passwords like a typical phishing scam but rather tricked users into allowing complete access to their email account," said the firm in a blog post. "Typically, users have been trained to change their password when they think they have been a victim of a phishing scam. In this case, that would not solve the problem."
The firm also said that the cybercriminals who launched the attack retain access to all of the victims' emails until the app is disabled.
"With that access, the criminals can use your identity to scam co-workers or relatives, reset your bank account password and steal money or harvest information to steal the victim's identity. There are an infinite number of ways a cybercriminal can monetise this kind of access."
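A defender-side check for the pattern described above, added here as an example and not code from the article, Google or Agari: it audits a list of OAuth app grants for a Google-branded third-party app holding mailbox and contacts scopes, and for one client id being authorised by many users within a short window, which is how the worm spread. The grant record layout, client ids and users are constructed for the example; the scope URIs are real Google API scopes.

```python
from collections import defaultdict, namedtuple
# Real Gmail/People API scope URIs: full mailbox control plus the contact
# list the worm described above spread through.
HIGH_RISK_SCOPES = frozenset({"https://mail.google.com/",
                              "https://www.googleapis.com/auth/gmail.modify",
                              "https://www.googleapis.com/auth/contacts"})
# Product names a third-party app should never use on the consent screen.
GOOGLE_BRANDS = ("google", "gmail", "docs", "drive")
# One user-authorised app; constructed, simplified layout (not any real
# Google report format). granted_at is epoch seconds.
OAuthGrant = namedtuple("OAuthGrant", "user app_name client_id scopes granted_at")

def impersonation_reasons(grant, trusted_client_ids=frozenset()):
    """Why a grant looks like a Google-branded impostor app, or [] if clean."""
    if grant.client_id in trusted_client_ids:
        return []
    risky = sorted(grant.scopes & HIGH_RISK_SCOPES)
    branded = any(b in grant.app_name.lower() for b in GOOGLE_BRANDS)
    if not (risky and branded):
        return []
    return [f"Google-branded third-party app {grant.app_name!r} holds {risky}"]

def burst_clients(grants, window=3600, min_users=3):
    """Client ids authorised by >= min_users distinct users within `window`
    seconds: the fan-out signature of a consent-phishing worm."""
    by_client = defaultdict(list)
    for g in grants:
        by_client[g.client_id].append((g.granted_at, g.user))
    hits = {}
    for client, events in by_client.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - t0 <= window}
            if len(users) >= min_users:
                hits[client] = len(users)
                break
    return hits

# Constructed sample: three victims authorise the impostor within minutes,
# plus one benign integration. Client ids are hypothetical placeholders.
WORM = frozenset({"https://mail.google.com/", "https://www.googleapis.com/auth/contacts"})
CAL = frozenset({"https://www.googleapis.com/auth/calendar.readonly"})
SAMPLE_GRANTS = [
    OAuthGrant("alice@example.com", "Google Docs", "fake-docs-app", WORM, 1493830000),
    OAuthGrant("bob@example.com", "Google Docs", "fake-docs-app", WORM, 1493830120),
    OAuthGrant("carol@example.com", "Google Docs", "fake-docs-app", WORM, 1493830300),
    OAuthGrant("dave@example.com", "Calendar Sync", "calsync-app", CAL, 1493700000),
]
```

Because the grant survives a password change, the response to a hit is to revoke the flagged client id's access for every affected user, not to rotate passwords.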
Google released an official statement late on Wednesday to say it has addressed the issue with the phishing email claiming to be Google Docs and is working to ensure there will be no repeat of it.
"We have taken action to protect users against an email impersonating Google Docs and have disabled offending accounts. We've removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail."
If you think you were affected, Google advises that you visit its security checkup site.