After the Gmail Phishing Scam, These Questions Remain

The attack didn't really do anything that severe. So what gives?

Flickr / FixtheFocus

Gmail users around the world were hit hard when a widespread Gmail phishing scam took the internet by storm. Wherever you went, a torrent of friendly denizens were warning people to not to open a strange link shared via Google Docs. The noise has died down a bit, and there’s been some progress made in figuring out what exactly happened and how we can all better safeguard our information and data from malicious attackers. But stranger yet is how many questions still remain unresolved.

First thing’s first: Google just released a new update to the Gmail app on Android devices which should help prevent phishing from occurring from the start. The update essentially alerts users to the presence of any suspicious links found in the body of an email — similar to the way Google’s Safe Browsing tool will warn Chrome users that a site they are about to visit may be compromised.

That should be enough to warn many users who probably don’t have a scrutinizing eye on double checking URL links or the email address of senders in their inbox. Granted, the new phishing scam was particularly effective for its novel use of a Google Docs link — enough so that an estimated 0.1 percent of Google’s users were affected by the attack. That roughly corresponds to about 1 million Gmail accounts becoming hacked.

Nevertheless, the phishing scam’s actual damage is still immeasurable — because it really didn’t do anything. The attack would harvest a user’s contacts and forward the same dubious link to those addresses as well, but the scam didn’t actually do anything to a user’s data.

At least, not yet. It’s totally possible the scam could activate a more toxic problem in users who haven’t already excised the attack’s effects from their computer.

There’s also some chatter that the phishing scam was a research project. One user on Twitter claimed to have created the worm as part of a graduate student’s project at Coventry University in the UK. But this turns out to be fake news.

There’s a lot of fishiness surrounding this new phishing scam.

Related Tags