The malicious messages are coming from trusted contacts, asking them to open a Google Doc. As soon as the recipient clicks through, they are asked to give away permissions to an app imitating Google Docs, namely the ability to read, send, delete and manage email, as well as manage contacts. For the user, once they've clicked through, nothing happens.
It's remarkably sophisticated and spreading like wildfire. Given how many complaints Google is receiving on Twitter, it's likely a lot of people were affected. For now, it looks like Google has shut the attack down by revoking the app and killing the phishing pages the attacker set up.
" The first clue something phishy is going on, added to the fact that the only other visible email address in the to field is hhhhhhhhhhhhhhhh@mailinator.com, a temporary account on Mailinator."
What happens if you click the link? What we should do?
- Go to your Gmail accounts permissions settings at https://myaccount.google.com and Sign-in.
- Go to Security and Connected Apps.
- Search for "Google Docs" from the list of connected apps and Remove it. It's not the real Google Docs.
Hello, Viewers We offer timely analysis and in-person experiences that form the basis of our professional articles. Our editorial section is a reflection of the emerging technology trends. Our tagline “Fresh News of Technology and More” tries to address the same diversity. 
No comments:
Post a Comment