A clever phishing scam attacked Gmail customers today. Here’s what happened and what you should to immediately if you have a Gmail account.
Today, a clever phishing scam pretending to be a trusted document from Google Docs showed up in Gmail inboxes. Users should take every measure to ensure attachments are from a trusted sender. Google confirmed the existence of the vulnerability, advising users to report and delete any such messages immediately. Google has also closed the accounts sending out these poisoned documents, so users can go back to managing their inboxes with less apprehension.
Nervous? Extra Security Precautions you can Take
Google advises users who believe they might have been compromised to immediately perform a security check-up at http://g.co/SecurityCheckup.
Be sure to run the security check across all your devices, including smartphones and your PC. For example, a user detected the phishing scam infected their smartphone. However, we can’t verify this, best not to take any chances.
If you’re an IT admin responsible for Google Apps in the enterprise, you must inform users to perform the security check-up manually. There is currently no automated solution for G Suite Admins to perform a bulk check-up — sorry. This is also a good time for users to make sure their accounts are secure by changing and
This is a good reminder that bad guys are out there. Now would be a great time for users to change their passwords online, creating a strong passphrase/password. As always, here at gPost, we also recommend users enable two-factor authentication for all their online accounts. It’s 2017, folks; passwords just don’t cut it anymore — which is why even Microsoft is moving away from passwords slowly…
Google has gained a strong reputation for security over the years. Its infrastructure is based purely on open source technologies with many layers of redundancy. But even for an Internet giant, there are always constant attacks coming from every angle. Today’s phishing scam is not the first attempt at duping users; other forms of social engineering include fake pages pretending to Google services. Users need to be aware of these common methods of attack and look for the obvious signs. Be sure to review our tips for protecting your account from social engineering hacks.