If you got an email from somewhere asking you to check the Google Docs file, just don’t click it! It is a phishing scam and you might hand over Gmail account and contacts to hackers.
Google has confirmed that Google Docs users were hit by a massivephishing scam, which tricked them to give away their Gmail accounts to the hackers and has rolled out anti-phishing security checks in Gmail on Android to stop this attack.The phishing attack has been spreading like a wildfire and has targeted around 100 crore users.
The whole scenario came into limelight when multiple users started complaining about the scam on the social media and that they were affected with this type of attack. For those who are not aware, phishing is basically a hacking technique which tricks users to give away the vital information like password, username, and other details by disguising as a trusted entity.
The attackers, in this case, used an already logged-in user to send this malicious link to all his/her contacts posing as a Docs file. So, as soon as the recipient clicks through, they are taken to the rogue Google page, where they are asked to give permission which includes the ability to send, read, delete and manage email, as well as manage contacts. In this way, it also bypasses two-factor authentication as well. Once a user gives all the permissions, thinking it is a valid Docs file, the hackers get the access to Gmail account and the software immediately spam out the same message to all the people on the contact list.
If you are one of those victims and then you should go the Google Permission page immediately and revoke all the permissions given to an App called Google Docs. And for the future, don’t click any suspicious Google Docs file. Though Google has deployed security measures which now automatically blocks the link, but one can also be extra careful and should double check email. The current malicious emails are all addressed to the same ‘hhhhhhhhhhhhhhhh@mailinator.com’ address.