Last week, Google identified a phishing scheme that could affect your google drive. The official Google statement says that this has been rectified and has been taken of care.
We are here to give the best and up to date information about the issue and a way to prevent this from happening. Here, we are going to provide what exactly happened and how important it is to keep an eye on the emails that you receive which helps you not to be a victim of phishing.
What happened: There was an massive phishing campaign which has started aiming at Google users last week. The hack was carried out by sending an email that posed as an invitation to join a Google Doc by someone in your contact list.
When users clicked on the Google Doc link, they were sent to a page that actually goes to Google.com. It then requests permission for the app that the attacker wrote to access your Gmail account.
This would allow the attacker to read your emails contacts and other actions such sending email behalf, deletes emails from your inbox, etc..
Actions by Google: In an attempt to fix this threat. Google has successful in blocking this phishing campaign and updated all its security features. Below was an official statement by Google.
“We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”
Aftermath: Although Google has managed to fix the issue. There is always a chance for this to repeat again using third party apps which could deceive you.
I always remember this old saying “Prevention is better than cure”. There are ways that you can get away from this phishing emails Below are a few things that you can check before tempted to click on any emails.
- Think before you click - Have a second before you click on anything in your email.
- Keep an eye on shared documents - Always check who has access to your shared documents.
- Know your URLs - Get familiarise your URLs how they are typically.
- Report anything that is Phishy - Always report if you found anything dodge. Let the experts handle them. It is okay to ask for help, that’s why we are here for.
Another recommended way is to set up a two factor authentication. If you want to know more about it, please follow the link below. Please be aware that this process would include your smart phone. Caution must be taken if you are setting this up.
https://www.howtogeek.com/105041/how-to-secure-your-google-account-with-google-authenticator/
Under any circumstance you feel that you received a dodge email or attachment. Please Do NOT try to open and attempt to fix it by yourself.
Please log a ticket with ISG by logging into the ISG Supportal. We are here to help you.
