A clever phishing scam pretending to be a trusted document from Google Docs showed up in Gmail inboxes today. Users should take every measure to ensure attachments are from a trusted sender. Google confirmed the existence of the vulnerability; advising users to immediately report and delete any such messages. Google has also closed the accounts sending out these poisoned documents, so, users can go back to managing their inbox with less apprehension.
Nervous? Extra Security Precautions you can Take
Google advises users who believe they might have been compromised to immediately perform a security check up at http://g.co/SecurityCheckup.
Be sure to run the security check across all your devices including smartphones and your PC. For example, a user detected their smartphone was infected by the phishing scam. Although we can’t verify this, best not to take any chances.
If you’re an IT admin responsible for Google Apps in the enterprise, you will need to inform users to manually perform the security check up. There is currently no automated solution for G Suite Admins to perform a bulk check up — sorry. This is also a good time for users to make sure their accounts are secure by changing and
This is is a good reminder that bad guys are out there. Now would be a great time for users to change their passwords online, creating a strong passphrase/password. As always, here at gPost, we also recommend users enable two-factor authentication for all your online accounts. It’s 2017 folks, passwords just don’t cut it anymore — which is why even Microsoft is moving away from passwords slowly…
Google has gained a strong reputation for security over the years. Its infrastructure is based purely on open source technologies with many layers of redundancy. But even for an Internet giant, there are always constant attacks coming from every angle. Today’s phishing scam is not the first attempt at duping users, other forms of social engineering include fake pages pretending to Google services. Users need to be aware of these common methods of attack and look for the obvious signs. Be sure to review our tips for protecting your account from social engineering hacks.