With the technology getting advanced every passing day, we hear about new and more complex ways hackers are using to manipulate the vulnerabilities in a system and getting control over it, for either personal or national motive.
A nasty malware just went viral yesterday, to which a lot of people are falling a prey to. It comes in your email as an attached Google Doc link, most probably from a known individual; someone from your contact list.
Few of the journalists in the United States newsrooms are seen warning people about this malware, which appears to be a phishing attack. According to the IT professionals, the scam looks like something of huge impact and due to its ‘undetectable nature’; it is shockingly spreading very fast.
There are two reasons that make this malware tricky and sophisticated;
- The phishing email appears legit: The invitation email that you receive to open the link in Google Doc. comes from a contact already existing in your contact list.
- The motive behind the attack and its impact is unclear: After gaining unauthorized access to your account, the hacker may also get authorization to other accounts; e.g. Personal emails, Facebook account, Online Banking etc., since most of us set our Gmail account as the default account to every other account. But, the main motivation of this attack is still unknown.
How does the malware infiltrate?
— Zach Latta (@zachlatta) May 3, 2017
The target individual/victim receives an email with a fake invitation to a Google Document and asks you to click on a button. Once you click the link, the scam immediately starts replicating itself, i.e. the same email gets sent to all of your personal contacts, with the same message and link enclosed, without you even noticing.
Once you’ve clicked on the link, you are redirected to the legitimate Google Sign-in page. You are then prompted to sign-in using your Goggle account credentials, to authorize managing; reading, sending and deleting your emails using ‘Google Docs’.
If you grant the permission, the hacker will them be able to access your emails and control it. Since most of our personal accounts, business emails as well as Android phones are commonly linked to the Gmail, in addition to it being the only ‘account recovery’ option for many other accounts, the hacker could give you a potential harm of large magnitude. With the control over your Gmail account, he may gain control over all of your other accounts; your Apple, Facebook, Amazon, Twitter etc.
This will mainly pose a great impact on the big companies, whose employees use Gmail for business transactions.
How to prevent getting affected?
In order to prevent getting affected by the scam, it is very important that you do not click on any links of Google Doc which you were not expecting to receive, whether it may have been received from a known individual or an unknown person.
If you have received an email that you are not sure about, from a friend in your contact list, always check with them personally, from an external source; through a call or text, to ensure the safety and eliminate any potential risk, before clicking on the link or opening it. If that friend denies sending any such email, you must delete the email immediately, to prevent opening it by mistake.
In case you feel concerned that your account may have been compromised, the best measure is to visit Google account security page and reset your permissions.
Go to ‘Manage Apps’, find ‘Google Docs’ and revoke permissions.
What to do if already affected?
- If you have become a victim by clicking on the Google Doc link and granted the permission to the hacker, you must immediately set up a two-factor authentication on your account, and link it to your cell phone number or any other email account.
- You may also manually remove the permissions of the forged “Google Docs” App from your personal Google account. For that, follow the following steps:
Go to myaccount.google.com> Sign-In> Security> Connected Apps.
Now go through the list of connected apps and delete any app that you do not recognize as yours.
Google issued a statement this afternoon stating that measures have been taken to halt the spread this attack.
“We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”