Google picked an unusual mode of response to the Google Docs Phishing Scam that’s being reported by news and media sites today – Twitter! In a series of tweets, @googledocs told the public what they did, and what users should do.
The Google Docs scam in question has affected corporate and individual users alike, and starts off with an email received from a known contact. Text in the email tells you that the contact has shared a document (Google Docs) with you, and offers a link. The link takes you to a Google Sign-in page that you typically see while authorizing an app. In this case, the app asking for access appears to be Google Docs.
Up to this point, everything is legit, because you’re actually signing into a Google account. But the Google Docs app that asks for your permission to “read, send and delete emails” is controlled by the hackers. Once you authorize it, it proceeds to send several emails to your own contacts with a similar link to the one you received.
We don’t know what the hackers have been doing with the access they gain, but it’s potentially disastrous for users, especially users of Gmail for Business. Every bit of information in your inbox is now exposed to the hackers.
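For admins who want to check whether anyone in their domain has authorized an app like this one, here is an added example (not part of the original post, and not Google's code) that flags third-party grants pairing a Google-sounding app name with mailbox access. The record layout, the name watch list and the client IDs are assumptions made up for illustration; the scope strings are real Gmail and Google API scopes.

```python
import unicodedata

# Gmail OAuth scopes that let an app read, send or delete mail.
MAIL_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.send",
}
# Display names a third-party app should not carry (assumed watch list).
PROTECTED_NAMES = {"google", "google docs", "google drive", "gmail"}

def normalize(name):
    """Fold case, Unicode compatibility forms and extra whitespace."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())

def triage(grants, trusted_client_ids=frozenset()):
    """Return (user, client_id, severity) for each grant that needs review."""
    findings = []
    for g in grants:
        if g["client_id"] in trusted_client_ids:
            continue  # first-party or explicitly approved client
        spoofed = normalize(g["app_name"]) in PROTECTED_NAMES
        mail = bool(MAIL_SCOPES & set(g["scopes"]))
        if spoofed and mail:
            # The pattern in this scam: trusted-looking name plus mailbox access.
            findings.append((g["user"], g["client_id"], "high"))
        elif spoofed or mail:
            findings.append((g["user"], g["client_id"], "review"))
    return findings

# Constructed sample records; the field names are hypothetical.
SAMPLE_GRANTS = [
    {"user": "alice@example.com", "app_name": "Google Docs",
     "client_id": "placeholder-client-1",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts"]},
    {"user": "bob@example.com", "app_name": "Mail Sorter",
     "client_id": "placeholder-client-2",
     "scopes": ["https://www.googleapis.com/auth/gmail.readonly"]},
    {"user": "carol@example.com", "app_name": "Calendar Helper",
     "client_id": "placeholder-client-3",
     "scopes": ["https://www.googleapis.com/auth/calendar"]},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_GRANTS):
        print(finding)
```

A "high" finding is a grant to revoke and investigate; a "review" finding only means the app either holds mail access or uses a protected name, which can be legitimate.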
Google’s response:
(1 of 3) Official Google Statement on Phishing Email: We have taken action to protect users against an email impersonating Google Docs…
— Google Docs (@googledocs) May 3, 2017
(2 of 3) & have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team…
— Google Docs (@googledocs) May 3, 2017
(3 of 3) is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.
— Google Docs (@googledocs) May 3, 2017
So they’ve found out where the emails first originated, and disabled the offending accounts. They’ve also quickly pushed updates via Safe Browsing, and have assured users that an internal team called the “abuse team” is trying to figure out how to prevent this sort of thing from recurring.
Google also asks users to report phishing emails in Gmail, but fails to tell us exactly how to do that. In fact, even I didn’t know how to do that until I Googled it!
Here’s what you do:
- Open the offending email
- You’ll see a down-arrow next to reply on the top right-hand side of the email (not the page, the email)
- Click on that down-arrow, and look down that list
- Right below ‘Report spam’ you’ll see ‘Report phishing’
- Click on that, and you’re done
Here’s a screenshot to help you out:
Hopefully, that’ll help you the next time you receive a suspicious email asking for your personal details. Reporting spam is easy because there’s a big button right on top of the Gmail webpage, but reporting phishing, apparently, is something you’ll have to “fish” for before you find it.