Yet again a well-disguised phishing scam has emerged, one that has been able to fool even the most cautious of users. This time, cybercriminals have used Google Docs as bait to scam people.
Tread cautiously if you get Google Docs invites any time soon. If you fall for it, you are not the only prey; you'll spread it among your contacts as well.
Things you need to know about the attack:
- If you receive an infected link, clicking on it will redirect you to the genuine Google-hosted page, with the list of Google Accounts.
- The page will display Google Docs asking for permission to access your data, such as managing your contacts and reading and deleting your e-mails.
- Once you have given permission by clicking Allow, the cyber thieves' work is done, because the app you have authorized is not the actual Google Docs.
- Moreover, now the permission will allow it to access all your contacts and spread the malware to everyone you have ever e-mailed.
How do I avoid being infected?
It’s pretty hard to not get hit. But here are a few things you can check:
Google Docs doesn't need your permission to access your Gmail account, and it would not be listed on the app permissions page. So, if you see something of this sort asking for your permission, don't fall for it.
The other thing you can do to avoid the trap is to click on Google Docs on the actual, legitimate Google-hosted page, and if you see weird developer info, get the hell out of there!
To be on the safe side, don't open any e-mail from an unknown sender and don't click on any link if you have even the slightest doubt. Better safe than sorry!
Zach Latta, Executive Director of Hack Club, captured the whole flow in a video that makes clear how the scam works –
— Zach Latta (@zachlatta) May 3, 2017
If I am already infected, how do I fix it?
If you are already infected, make sure to reset your Google account's password and check your app permissions. To see which applications have access to your Google account, you can click on the link below–
Once you click on the link, you will get the list of app permissions. If you have Google Docs listed in the app list, click on it and a Remove button will appear; click Remove and stay safe.
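For an administrator who has to review app permissions across many accounts, the two warning signs described above (an app calling itself Google Docs, and permissions over mail and contacts) can be checked automatically. The following is an added example, not part of the original article or any Google tool; the record layout, client IDs, protected-name list and trusted list are constructed assumptions.

```python
import unicodedata

# Real Google OAuth scopes covering what the article says the fake app asked
# for: reading/deleting mail and managing contacts.
RISKY_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/contacts",
    "https://www.google.com/m8/feeds",
}
PROTECTED_NAMES = {"google docs", "google drive", "gmail"}  # assumed list
TRUSTED_CLIENT_IDS = {"vetted-client.example"}  # assumption: vetted by you


def normalise(name):
    """Fold case, Unicode compatibility forms and stray whitespace."""
    return " ".join(unicodedata.normalize("NFKC", name).casefold().split())


def suspicious_grants(grants):
    """Return (user, client_id, severity) for grants that need review."""
    findings = []
    for g in grants:
        if g["client_id"] in TRUSTED_CLIENT_IDS:
            continue  # vetted apps may legitimately hold these scopes
        fake_name = normalise(g["app_name"]) in PROTECTED_NAMES
        risky = bool(RISKY_SCOPES & set(g["scopes"]))
        if fake_name and risky:
            findings.append((g["user"], g["client_id"], "high"))
        elif fake_name or risky:
            findings.append((g["user"], g["client_id"], "review"))
    return findings


# Constructed sample records; this is not a real export format.
SAMPLE_GRANTS = [
    {"user": "alice", "app_name": "GOOGLE  Docs", "client_id": "c1.example",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts"]},
    {"user": "bob", "app_name": "Acme Mail", "client_id": "c2.example",
     "scopes": ["https://mail.google.com/"]},
    {"user": "carol", "app_name": "Calendar Helper", "client_id": "c3.example",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"user": "dave", "app_name": "Mail Sync", "client_id": "vetted-client.example",
     "scopes": ["https://mail.google.com/"]},
]

if __name__ == "__main__":
    for finding in suspicious_grants(SAMPLE_GRANTS):
        print(finding)
```

A "high" finding matches the pattern in this scam and the grant should be removed; a "review" finding only means an unvetted app holds mail or contact access, or uses a protected name.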
Google has also released a statement on Twitter regarding this scam and asked users to be aware and not click on any fishy links. Moreover, they have stated that they have scrutinized the phishing scam and have asked affected users to go to the following link to ensure their safety.
Google has intercepted the scam and is currently working to stop it from spreading further.
This is just another instance of how vulnerable the cyber space is. Even the biggest names in the tech industry are regularly falling prey to cybercrimes. Last week, both Facebook and Google reported an attack that cost them $100m each, although they could recover the sum.