A Massive Email Attack Hits Google - Updates - Beware! Phishing Attack On rampage!

Beware! A phishing attack is on the rampage, and many people in the US and globally have been targeted.

Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.



Google update: Google said 0.1 per cent of its users were affected by the attack. If previously reported figures of 1 billion users are correct, as many as 1 million will have seen their Gmail account data accessed. The tech giant, however, added: "We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed." This may mean actual email content was not exposed, providing some succor to victims.

A lot of people got suspicious-looking emails in their Gmail accounts.

The malicious messages come from trusted and known contacts, asking the recipient to open a Google Doc. As soon as the recipient clicks through, they are asked to grant permissions to an app (controlled by the attacker) imitating Google Docs: the ability to read, send, delete and manage email, as well as manage contacts. For the user, once they've clicked through, nothing happens. But the attacker is effectively given access to their Gmail.

It's remarkably sophisticated and spreading like wildfire. Given how many complaints Google is receiving, it's likely a lot of people were affected. For now, it looks like Google has shut the attack down by revoking the app and killing the phishing pages the attacker set up.

What to do if you receive a suspicious email

  • Do not click, even when the email is from your friend or close relative.
In this case, the malicious emails all appeared to come from a contact, but were actually from the address “hhhhhhhhhhhhhhhh@mailinator.com” with recipients BCCed.

Even when you receive links from trusted contacts, be careful what you click. Spammers, cybercriminals and nation-state spies are resorting to basic email attacks, known as spear phishing, which bait victims into clicking on links that download malicious software, or lure them into turning over their user names and passwords.
  • Turn on multi-factor authentication.
Google and most other email, social media and banking services offer customers the ability to turn on multi-factor authentication. Use it. When you log in from an unrecognized computer, the service will prompt you to enter a one-time code sent to your phone. It is the most basic way to prevent hackers from breaking into your accounts with a stolen password.
  • Change your passwords immediately.
If you’ve been phished, change your passwords to something you have never used before. Ideally, your passwords should be long and should not be words that could be found in a dictionary. The first thing hackers do when breaking into a site is use computer programs that will try every word in the dictionary. Your email account is a ripe target for hackers because your inbox is the key to resetting the passwords of, and potentially breaking into, dozens of other accounts.
  • Report it.
Report any phishing attacks to Google by clicking the downward arrow at the top right of your inbox and selecting “Report Phishing.” Companies count on those reports to investigate such scams and stop them.
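
The two traits noted under the first tip above (the address “hhhhhhhhhhhhhhhh@mailinator.com” and the recipient being BCCed) can be checked in the headers of a saved message. The following Python is an added example, not part of the original article; the function names, the `mailbox_owner` parameter and the sample messages are constructed for illustration.

```python
# Added example: triage saved messages for the traits this article describes.
from email import message_from_string
from email.utils import getaddresses

# Address quoted in the article.
CAMPAIGN_ADDRESS = "hhhhhhhhhhhhhhhh@mailinator.com"
ADDRESS_HEADERS = ("From", "Sender", "Reply-To", "To", "Cc")

def header_addresses(msg, names):
    """Return the lower-cased addresses found in the given headers."""
    values = []
    for name in names:
        values.extend(str(v) for v in msg.get_all(name, []))
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def triage(raw_message, mailbox_owner):
    """Return the reasons a message matches the campaign traits (empty if none)."""
    msg = message_from_string(raw_message)
    reasons = []
    if CAMPAIGN_ADDRESS in header_addresses(msg, ADDRESS_HEADERS):
        reasons.append("campaign address present in headers")
    # An owner listed in neither To nor Cc received the message via BCC
    # (or a mailing list), so this trait alone is only a weak signal.
    if mailbox_owner.lower() not in header_addresses(msg, ("To", "Cc")):
        reasons.append("mailbox owner not in To/Cc (BCCed)")
    return reasons

# Constructed sample messages (not real captured mail).
SUSPICIOUS = """\
From: Known Contact <friend@example.com>
To: hhhhhhhhhhhhhhhh@mailinator.com
Subject: Shared document

Open in Docs
"""
ORDINARY = """\
From: Known Contact <friend@example.com>
To: me@example.com
Subject: Lunch on Friday?

See you at noon.
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("ordinary", ORDINARY)):
        print(label, triage(raw, "me@example.com"))
```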

Google adds new security check to Gmail for Android in the wake of devastating Docs phishing attack

  • When users click on a suspicious link, Gmail will show a warning prompt
  • Prompt warns the link is an attempt to trick you into disclosing information
  • Users will then have the option to proceed or to delete the message
  • The update follows a malicious scam that was flagged yesterday on Gmail