Update: Google tells Engadget that it has taken down the responsible accounts, pulled fake pages and delivered relevant Safe Browsing updates. It could be a while before we know the full extent of the damage. Both the email and the web pages look very legitimate, so it's all too easy for even seasoned internet users to fall prey to the attack. The one thing that's for certain is the sheer scale and effectiveness of the attack. However, the company already says it's investigating the scam. It's not certain who's behind the phishing attempt, or just what the fake Google Docs app is doing. Drive was up and running as we wrote this. There have also been reports of Google Drive struggling at the same time, although it's not certain the two are related. And of course, havoc follows after that - the app spams email to everyone you've ever messaged, and bypasses Google's usual login alerts (including for two-factor authentication). If you click through and grant a bogus "Google Docs" app access to your Google account, the perpetrators can get into your email. Many people online, including more than a few journalists, have been bombarded with phishing emails (currently from a account) that try to trick you into opening a fake Google Docs link.
If you received an out-of-the-blue email purporting to share a Google Docs file, you're not alone - and whatever you do, don't click the link inside.
0 kommentar(er)
