What is the “Gmail phishing scam”?
Users are reporting an email, usually sent from an odd-sounding email ID, saying that someone has shared a Google Docs file with them. When you click on the link, it takes you to an app permissions page. Essentially, this is similar to the permissions page you see when you authorize a legitimate app to use information from your Google account.
Except the app in this case is named “Google Docs”, and this is not the real Google Docs app. As a report from BuzzFeed points out, the app wants widespread permissions for your Google account, and this is pretty dangerous. Remember that your Google account is linked to your Chrome login, your Google Docs and Google Drive, and holds your personal information, etc. If you’ve stored passwords to other sensitive information in Chrome linked with your Google account, then such a phishing attack puts all of this data at risk.
How to verify if I have been infected and what to do if I have?
- Log into your Gmail account
- Click on “My Account”
- On the left side of the screen, click on “Connected apps & sites”
- You’re looking for one titled “Google Docs,” but this is a good opportunity to go through the list and delete anything you don’t recognize, or anything with permissions that are far too broad. Google is already taking steps to fix this attack, so if you don’t see the Google Docs app in the list, it means you’re probably safe.
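The same review can be scripted when the list of granted apps is available as data, for example to an administrator of a Google Workspace domain. The following is an added example, not part of the original article: it flags any grant that uses a Google product name or holds broad mail, contacts or Drive permissions. The records are constructed, the field names `clientId`, `displayText` and `scopes` follow the Workspace Admin SDK token listing, and the trusted-ID set is a hypothetical allowlist you would maintain yourself.

```python
import unicodedata

# Real Google OAuth scope URLs that grant broad access to an account.
BROAD_SCOPES = {
    "https://mail.google.com/": "full Gmail access",
    "https://www.googleapis.com/auth/contacts": "manage contacts",
    "https://www.googleapis.com/auth/drive": "full Drive access",
}
# Names a third-party app should not carry (the article's case is "Google Docs").
PROTECTED_NAMES = {"google", "google docs", "google drive", "gmail"}


def normalise(name):
    """Fold case, Unicode compatibility forms (e.g. full-width letters) and spacing."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())


def review_grants(grants, trusted_client_ids=frozenset()):
    """Return (display name, client id, reasons) for every grant that needs review."""
    findings = []
    for grant in grants:
        if grant["clientId"] in trusted_client_ids:
            continue  # hypothetical allowlist of client IDs you have verified
        reasons = []
        if normalise(grant["displayText"]) in PROTECTED_NAMES:
            reasons.append("uses a Google product name")
        for scope in grant.get("scopes", []):
            if scope in BROAD_SCOPES:
                reasons.append(BROAD_SCOPES[scope])
        if reasons:
            findings.append((grant["displayText"], grant["clientId"], reasons))
    return findings


# Constructed sample records; the client IDs are placeholders, not real applications.
SAMPLE_GRANTS = [
    {"clientId": "constructed-1.apps.example", "displayText": "Google Docs",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
    {"clientId": "constructed-2.apps.example", "displayText": "Calendar Helper",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"clientId": "constructed-3.apps.example", "displayText": "Backup Tool",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"clientId": "constructed-trusted.apps.example", "displayText": "Google Drive",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
]

if __name__ == "__main__":
    for name, client_id, reasons in review_grants(
            SAMPLE_GRANTS, {"constructed-trusted.apps.example"}):
        print(f"REVIEW {name!r} ({client_id}): {', '.join(reasons)}")
```

The name check only catches exact and compatibility-form matches; an app with a broad scope and an unfamiliar name is still reported through the scope check.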
We also recommend that you change the password on any account that uses your Gmail account to authenticate, or that uses the Gmail account as its password reset method. Because the attackers had access to all your information, emails, email address and Gmail password, they have the ability to brute-force any account that used your email for authentication or password verification. Your email account is a perfect target for hackers because your inbox is the key to resetting the passwords of, and potentially breaking into, dozens of other accounts.
Make your passwords long and distinctive. Security specialists advise creating anagrams based on song lyrics, movie quotations or sayings. For example, “The Godfather” movie quotation “Leave the gun. Take the cannoli,” becomes LtG,tTcannol1. Or look into using a password tool to store all your passwords. These tools will create very cryptic passwords and allow you to control who has access to those passwords.
As with anything IT, please call our office at (920) 759-4773 with any questions or concerns. We can also direct you on password tools!