{"id":316532,"date":"2017-05-04T15:35:23","date_gmt":"2017-05-04T15:35:23","guid":{"rendered":"http:\/\/citifmonline.com\/?p=316532"},"modified":"2017-05-04T15:35:23","modified_gmt":"2017-05-04T15:35:23","slug":"google-docs-users-hit-by-phishing-scam","status":"publish","type":"post","link":"https:\/\/citifmonline.com\/?p=316532","title":{"rendered":"Google Docs users hit by phishing scam"},"content":{"rendered":"

Google says it has stopped a phishing email that reached about a million of its users.<\/p>\n

The scam claimed to come from Google Docs – a service that allows people to share and edit documents online.<\/p>\n

Users who clicked a link and followed instructions, risked giving the hackers access to their email accounts.<\/p>\n

Google said it had stopped the attack “within approximately one hour”, including through “removing fake pages and applications”.<\/p>\n

“While contact information was accessed and used by the campaign, our investigations show that no other data was exposed,” Google said in an updated statement.<\/p>\n

“There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.”<\/p>\n

During the attack, users were sent a deceptive invitation to edit a Google Doc, with a subject line stating a contact “has shared a document on Google Docs with you”.<\/p>\n

The email address hhhhhhhhhhhhhhhh@mailinator[.]com was also copied in to the message; Mailinator, a free email service provider has denied any involvement.<\/p>\n

If users clicked on the “Open in Docs” button in the email, they were then taken to a real Google-hosted page and asked to allow a seemingly real service, called “Google Docs”, to access their email account data.<\/p>\n

\"Email<\/span><\/figure>\n

By granting permission, users unwittingly allowed hackers to potentially access to their email account, contacts and online documents.<\/p>\n

The malware then e-mailed everyone in the victim’s contacts list in order to spread itself.<\/p>\n

“This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party,” Justin Cappos, a cyber security professor at NYU, told Reuters.<\/p>\n

‘Too widespread’<\/strong><\/p>\n

According to PC World magazine, the scam was more sophisticated than typical phishing attacks, whereby people trick people into handing over their personal information by posing as a reputable company.<\/p>\n

This is because the hackers bypassed the need to steal people’s login credentials and instead built a third-party app that used Google processes to gain account access.<\/p>\n

The Russian hacking group Fancy Bear has been accused of using similar attack methods, but one security expert doubted their involvement.<\/p>\n

“I don’t believe they are behind this… because this is way too widespread,” Jaime Blasco, chief scientist at security provider AlienVault, told PC World.<\/p>\n

Google said the spam campaign affected “fewer than 0.1%” of Gmail users. That works out to about one million people affected.<\/p>\n

Last year, an American man pleaded guilty to stealing celebrities’ nude pictures by using a phishing scam to hack their iCloud and Gmail accounts.<\/p>\n

And in 2013, Google said it had detected thousands of phishing attacks targeting email accounts of Iranian users ahead of the country’s presidential election.<\/p>\n

–<\/p>\n

Source: BBC<\/p>\n","protected":false},"excerpt":{"rendered":"

Google says it has stopped a phishing email that reached about a million of its users. The scam claimed to come from Google Docs – a service that allows people to share and edit documents online. Users who clicked a link and followed instructions, risked giving the hackers access to their email accounts. Google said […]<\/p>\n","protected":false},"author":14,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jnews-multi-image_gallery":[],"jnews_single_post":[],"jnews_primary_category":[],"jnews_social_meta":[],"jnews_override_counter":[],"footnotes":""},"categories":[106],"tags":[225,6805],"class_list":["post-316532","post","type-post","status-publish","format-standard","hentry","category-technology","tag-google","tag-phising-scam"],"_links":{"self":[{"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/posts\/316532","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=316532"}],"version-history":[{"count":0,"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/posts\/316532\/revisions"}],"wp:attachment":[{"href":"https:\/\/citifmonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=316532"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=316532"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=316532"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}