Users all over the internet were greeted on Wednesday with warnings not to open seemingly trusted emails sharing a Google Docs link, because of a widespread phishing scam which snags unsuspecting victims and sneakily steals permission to access users’ Gmail accounts.
All the viral power of the internet couldn’t push the news out quickly enough, and Gmail users began mass posting to social media about having fallen victim to an ever-spreading automated cloud virus perpetuated by an attacker identified only by their forwarding address: firstname.lastname@example.org.
If you’re one of the unlucky ones who received one of these emails and clicked on the link, follow these steps to un-screw your Google settings, and hopefully protect against such attacks in the future.
By Wednesday night, Google announced it had “addressed the issue with a phishing email claiming to be Google Docs” and instructed users to visit its security check-up page. It removed the fake pages and announced its abuse team was “working to prevent this kind of spoofing from happening again.”
First and foremost, we have to reverse the changes made by the attacking phishermen. The hack works by using the victim’s mistaken authorization to access contacts, and then spamming those contacts with the same phishing link again. To remedy this, go to this page — or, if you’re fed up clicking seemingly Google-bound links today, you can also head to myaccount.google.com and select the Connected Apps tab within Security.
Once there, make sure to get rid of “Google Docs,” which of course should not need permissions to access itself.
Next, it’s time to be a good citizen. Finding out you got hacked is a bit like finding out you have an STD: It sucks to get the news, but it sucks far more to have to tell people about it. Still, that’s your responsibility. Make sure to send a warning not only to the friend whose account was used to dupe you, but anyone in your Sent Emails folder who got the same message from you. The longer your contacts go unaware that they’ve been hacked, the more likely that contacts in their own accounts will become victims as well.
This attack seems to do nothing more than propagate itself. It doesn’t steal passwords or other encrypted information, so simply removing the app’s authorization should be enough. That said, the malware could potentially be remotely activated down the road, causing more harmful effects.
As a result, it probably isn’t necessary to change your password — but since users have such horrendously insecure passwords anyway, this is probably a good opportunity to do something that should be done regularly anyway. Click here to do that, or head to your Google My Account page, then navigate to Sign in and Settings.
Note: There’s no possible change you can make that will protect against authorized apps. A clever design and layout will trick vulnerable users again and again. Be sure to always take a second look at any email or message you receive. Look for any signs of suspicious or dodgy activity. It’s always best to contact Google or another digital security provider who can verify whether something is safe to open or not.