 Phishing attacks are a fact of life on the internet these days, but recently, a Google Doc was used in a wide-spread, wildly successful attack that security researchers are calling one of the most advanced attacks of its class seen to date.
In fact, the attack was so successful that, in its aftermath, Google is rolling out additional protections to help ensure that the inevitable next attack doesn’t find the same level of success as this one, which ultimately impacted several million users.
The recent attack combined generic spam email with an embedded Google Doc to try to trick Gmail users into giving up control of their email account. The company warns that any users who receive an email containing a Google Doc from a source they don’t know and trust should immediately revoke access to the document in their Google Account Settings and change their password, just to be safe.
In addition to making this recommendation, the company has announced that they’ll be rolling out a new security feature in their Android Gmail app that will mirror the action you already see when you surf to an unsafe website using the Chrome web browser. The new warning will read:
“Warning – Phishing (Web Forgery) Suspected
The site you are trying to visit has been identified as a forgery, intended to trick you into disclosing financial, personal, or other sensitive information.
You can continue to (URL) at your own risk. If you believe that this site is not actually a phishing site, you can (link)Report An Incorrect Warning(/link)”
It’s a good move, and should make a real difference in terms of limiting the next attack’s impacts. Hopefully, Apple will follow suit and implement a similar system for iPhone users. Note that the company has not released a firm ETA on when the change will be in place, but it should be regarded as “pending.”






