The ‘Google Docs’ phishing attack which affected millions of users globally earlier this week (it impacted Gmail and Google Docs users) is perhaps the latest high-profile security threat affecting both smartphone and PC users. The ‘Google Docs’ phishing attack was masked as a bulk mail sent by someone known to the recipient. Those who received the mail were asked to check out a link to a Google Docs file. It landed them on a fake Google security page where they were asked to update email permissions and grant the fake docs app the permission to access their email.
By clicking on what looked like a standard mail, users ended up giving hackers control over their entire email history, attachments and contacts. With access over contact, the mail was forwarded to every user in the contact list of an infected email account. This is one of the reasons why the phishing attack infected millions of accounts in just two days time.
Google has reportedly disabled all malicious accounts and sent out updates to all Gmail users.
Hackers have been sending out emails with links to malicious websites to fool users and steal personal information from their inbox for many years now.
Here are some tricks to tackle phishing mails in the future.
Revoke access to unwanted devices and apps
First of all, if you think that your email account has been compromised to a phishing attack and someone else has access to your email, you can review the devices connected to the account by clicking on security check at here. If any of the devices which have been used to access your account in the last 28 days appear unfamiliar, you can remove the device’s access to the account. You can also revoke access to apps or services connected to your Google account at here.
Check all details in a mail
Most phishing attacks have some key identifiers. For example, in the Gmail phishing scam, one of the recipients was a user called email@example.com. The trick is to go through the entire mail carefully, including the names of senders and other receivers. Try to avoid emails asking for personal information, resetting password to an account linked to the email, or updating permissions.
Use filters to block harmful sites and links
Emails with embedded link often land users on a website which may look like a legitimate website. Spoofing the sender’s address to look real is also a common trick. Users can identify fake websites with malicious links in them by installing a firewall on their Wi-Fi networks or by adding an anti-virus on their device, which supports web scanning.