Gmail users are under attack in a gigantic phishing operation that’s spreading like wildfire across the internet right now.
People took to Twitter to report receiving an email that looks like an invitation to join a Google Doc from someone they know.
But when you click on the link to open the file, you are directed to grant access to an app that looks like Google Docs but is actually a program that sends spam emails to everyone you’ve emailed, according to a detailed outline of the attack on Reddit.
The practice of sending an email in order to trick someone into granting access to their personal information is called phishing, and it is usually done for malicious reasons, such as stealing credit card information or tricking the recipient into sharing a password.
Screenshots of the phishing emails shared on Twitter all appear to be addressed to the same email address: firstname.lastname@example.org.
If you receive an email like this, do not open it. If you’re at work, alert a member of your technical support team. According to the Reddit post, if you’ve clicked “Allow” in the Google Docs prompt, you’ve been compromised.
You can visit the app permissions page of your Google account to check which apps have been given access to your account. If you see Google Docs in the list, revoke its access.
The massive phishing campaign targeting Gmail users that spread across the internet today has been disabled by Google.
The hack was carried out by sending an email that posed as an invitation to join a Google Doc from someone in your contact list.
When users clicked on the Google Doc link, they were sent to a genuine Google.com page, which then asked them to grant an app the attacker had written permission to access their Gmail account.
“The attacker was then given permission to read all your emails, view your contacts and send emails on your behalf and delete emails in your inbox without ever having your login information,” said Cooper Quintin, a staff technologist at the Electronic Frontier Foundation, who says he received over 400 emails from people who were compromised in the hour after news of the attack broke.
The hack works whether or not you’ve changed your password or have two-factor authentication enabled, said Quintin.
Here’s what to do if you have been (or think you have been) compromised by the attack:
- Go to your Google account management page.
- If you see an app called Google Docs, click on it and revoke its permission to access your account.
- Then change your password, just to be safe.
- Enable two-factor authentication on your account as an extra precaution. Two-factor authentication texts a code to a phone number on file for your account, so only a person with both your password and your cellphone can access your account.
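The check described above (look for a third-party app named "Google Docs" that holds mail and contacts access, then revoke it) can be scripted for a whole organisation. The following is an added example, not code from the article or from Google; it runs over constructed consent-grant records whose field layout is an assumption, not the schema of any real Google audit log or API, and flags grants that combine a Google product name with the scopes the attacker obtained.

```python
import re

# Constructed sample of OAuth consent-grant events, modelled on the incident described above.
# The record layout (user, app_name, client_id, scopes) is an assumption made for this example,
# not the schema of any real Google audit log or API.
SAMPLE_GRANTS = [
    {"user": "alice@example.org", "app_name": "Google Docs",
     "client_id": "CONSTRUCTED-1.apps.googleusercontent.com",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
    {"user": "bob@example.org", "app_name": "Acme Calendar Sync",
     "client_id": "CONSTRUCTED-2.apps.googleusercontent.com",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"user": "carol@example.org", "app_name": "Google  Docs Viewer",
     "client_id": "CONSTRUCTED-3.apps.googleusercontent.com",
     "scopes": ["https://www.googleapis.com/auth/drive.readonly"]},
]

# Product names a third-party app should never present as its own (non-exhaustive).
FIRST_PARTY_NAMES = {"google docs", "google drive", "gmail", "google sheets", "google"}

# Scopes that let an app read or send mail or harvest contacts: the access the attacker obtained.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/contacts",
    "https://www.googleapis.com/auth/contacts.readonly",
}

def normalise(name):
    # Collapse whitespace and case so "Google  Docs" and "google docs" compare equal.
    return re.sub(r"\s+", " ", name.strip()).lower()

def impersonates_google(app_name):
    name = normalise(app_name)
    return name in FIRST_PARTY_NAMES or name.startswith("google ")

def triage(grants):
    """Return [(user, app_name, [reasons])] for grants that deserve review or revocation."""
    flagged = []
    for g in grants:
        reasons = []
        if impersonates_google(g["app_name"]):
            reasons.append("third-party app using a Google product name")
        risky = sorted(HIGH_RISK_SCOPES & set(g["scopes"]))
        if risky:
            reasons.append("mail/contacts scopes granted: " + ", ".join(risky))
        if reasons:
            flagged.append((g["user"], g["app_name"], reasons))
    return flagged
```

On the constructed sample, alice's grant is flagged on both counts and carol's on the name alone, while bob's calendar-only app is left untouched; a real rollout would feed the function from the organisation's own token audit export.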
“It’s totally unclear what this app was doing,” said Quintin. “We still don’t know what the purpose of this phishing campaign was.”
It’s still okay to use Google Docs, since that service wasn’t compromised; the email merely pretended to be from Google Docs. Still, it’s probably best not to share any Google Docs with anyone today while people are still responding to the hack, said Quintin.
Here’s the statement from Google on the attack:
We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.