Google Docs phishing attack: Google tightens security

Google vows to do more to prevent a repeat of last week’s Google Docs phishing attack

Google has tightened it’s security and updated it’s safe browsing feature that warns users when they are visiting are dangerous site.

What’s the deal?

Last week, a phishing attack hit approximately 1 million Gmail users. The email infects users by imitating a Google Docs attachment, featuring a subject line claiming that “[Contact] has shared a document on Google Docs with you”. Once opened, convinced users input their credentials into a fake sign-in page, similar to the previous attack which hit users back in February. By agreeing to share their data through the fake log in window, users were potentially giving hackers access to their email account, online documents and contact list.

What’s the latest on the attack?

Google says it has stopped the phishing email from circulating by closing down fake pages and applications, and updating it’s Safe Browsing system.

To prevent further Google Docs phishing attacks, Google says it will tighten enforcement of the OAuth system it uses for linking third-party apps to Google accounts.

How to spot a phishing attack

One telltale sign for identifying the latest Gmail Phishing spam is to look out for the address hhhhhhhhhhhhhhhh@mailinator.com. Victims say that the email sender may appear to be from someone they know or somebody on their contact list.

How you can stay protected

Ensure your data is backed up. A cyber attack such as this puts your corporate data sources at risk of being accessed by criminal hackers. Data can then be erased, held at ransom or tampered with. The best way to avoid this, is by ensuring that your data is backed up.