On Wednesday, a massive phishing attack surged through Gmail, targeting about 1 billion users worldwide.
If you've recently received a random invite from a contact to view a Google Doc in your Gmail inbox, do not open it.
Yesterday an advanced phishing attack spread through Gmail with the intent of gaining control of users' accounts. The malicious emails were all sent from the same address, "firstname.lastname@example.org", with the recipients BCCed from the sender's contact list. Clicking the link in the email redirected the user to an official Google login and security page, which then prompted them to grant the fake "Google Doc" app permissions on their account.
What made this attack so dangerous is that social engineering drove it to go viral. Users saw that the document came from someone in their contacts and opened the email. Once a user granted access to the malicious app, it combed through their contact list and repeated the same behavior from their account.
With control of a Gmail account, attackers can access sensitive data. Using the compromised Gmail address, they could potentially reset passwords on other online accounts associated with it and gain access to online shopping services (Amazon, eBay, QVC, etc.), online banking accounts, and more.
Google has since become aware of the attack, disabled the compromised accounts, and pushed updates to them. Fewer than 0.1% of Gmail users were reported to be affected, which is still around 1 million. Journalists and educational organizations seem to have been hit hardest, as many took to Twitter to warn other users.
This morning Google released an official statement regarding the attack:
"We realize people are concerned about their Google accounts, and we're now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1% of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There's no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup."
If you or someone you know fell for this attack and granted permission to the hackers, go to your Google connected-sites console and immediately revoke access to "Google Docs."
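As an added example (not part of the original article), here is a short Python triage of the kind of third-party app list that Security Checkup shows. It flags a grant that looks like the fake "Google Docs" app described above: a third-party client that borrows a Google product name and holds both contact-list and mailbox scopes. The grant records are constructed; the scope strings are real Google API scope identifiers.

```python
from __future__ import annotations

# Added example, not from the article: triage third-party OAuth grants for the
# pattern of the fake "Google Docs" app (impersonated name + contacts + mail).

# Display names a third-party app should never carry; Google's own services do
# not show up as third-party grants, so a match here is a red flag.
GOOGLE_PRODUCT_NAMES = {"google docs", "google drive", "google sheets", "gmail", "google"}

# Real Google API scope identifiers for contact-list and mailbox access.
CONTACT_SCOPES = {
    "https://www.googleapis.com/auth/contacts.readonly",
    "https://www.googleapis.com/auth/contacts",
}
MAIL_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/gmail.modify",
}


def grant_risk(grant: dict) -> list[str]:
    """Return the reasons a single third-party grant deserves review (empty if none)."""
    reasons = []
    name = grant["app_name"].strip().lower()
    scopes = set(grant["scopes"])
    if name in GOOGLE_PRODUCT_NAMES:
        reasons.append("third-party app impersonates a Google product name")
    if scopes & CONTACT_SCOPES and scopes & MAIL_SCOPES:
        # Reading contacts plus sending mail is exactly what let the app spread.
        reasons.append("can read contacts and send mail (worm capability)")
    elif scopes & MAIL_SCOPES:
        reasons.append("full or send mailbox access")
    return reasons


def triage(grants: list[dict]) -> dict[str, list[str]]:
    """Map app display name -> reasons, for every grant that should be reviewed or revoked."""
    return {g["app_name"]: r for g in grants if (r := grant_risk(g))}


# Constructed sample records shaped like entries on the connected-apps page.
SAMPLE_GRANTS = [
    {"app_name": "Google Docs",
     "scopes": ["https://www.googleapis.com/auth/contacts.readonly", "https://mail.google.com/"]},
    {"app_name": "Calendar Sync Tool",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"app_name": "Newsletter Helper",
     "scopes": ["https://www.googleapis.com/auth/gmail.send"]},
]

if __name__ == "__main__":
    for app, reasons in triage(SAMPLE_GRANTS).items():
        print(f"REVIEW {app!r}: " + "; ".join(reasons))
```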
These types of attacks reappear in email every so often, so it's important to remain vigilant. If you are not expecting an email and it includes an attachment of any sort, do not open it.