Thursday, May 04, 2017

Gmail Phishing Attack

http://www.nbcnews.com/tech/security/who-s-behind-massive-gmail-phishing-attack-n754826

by Alyssa Newcomb
May 4, 2017

The Gmail phishing attack that played out across Google's billion-user email platform Wednesday afternoon was "particularly insidious" and created by someone with considerable skill, say cybersecurity experts.

The scam involved sending users a malicious link from what looked like a familiar contact; when users clicked it and logged on, the hacker gained access to their Gmail credentials, thereby getting the keys to the kingdom for a user's entire online life — and enabling the virus to replicate itself.

•••••

http://www.nbcnews.com/tech/security/massive-phishing-attack-targets-millions-gmail-users-n754501

•••••

The worm — which arrived in users' inboxes posing as an email from a trusted contact — asked users to check out an attached "Google Docs," or GDocs, file. Clicking on the link took them to a real Google security page, where users were asked to give permission for the fake app, posing as GDocs, to manage users' email account.

To make matters worse, the worm also sent itself out to all of the affected users' contacts — Gmail or otherwise — reproducing itself hundreds of times any time a single user fell for it.

•••••

While the malicious email was a dead ringer for a real message from a trusted friend, there was one key giveaway: The mail was sent to a fake email address in the main recipient field — hhhhhhhhhhhhhhhh@mailinator.com. Users' addresses were included in the BCC field.

If you received a Gmail message with the mailinator.com address as the main recipient, report it as phishing by clicking the down arrow beside the reply button and selecting "Report phishing." Then delete it.

If you do click on the malicious link, don't grant permission when the fake GDocs app asks for it.

If, unfortunately, you fell for the scam and granted permission to the hackers, go to your Google connected sites console and immediately revoke access to "Google Docs." (If you don't trust the embedded link here — which is generally a good thing — you can manually type the address into your browser: https://myaccount.google.com/security?pli=1#connectedapps)

While you're at it, it's a good idea to revoke permission for any app listed there that you don't recognize.

Finally, change your Google password.
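
A mail-filter check for the giveaway described above (placeholder address in the main recipient field, real recipients only in BCC), as an added example that is not part of the original article. The sample messages, function names and reason strings are constructed for illustration, and the domain-level match is a weaker generalization beyond the single address the article quotes.

```python
from email import message_from_string
from email.utils import getaddresses

# Indicator quoted in the article: the address in the main recipient field.
LURE_TO = "hhhhhhhhhhhhhhhh@mailinator.com"
LURE_DOMAIN = "mailinator.com"  # assumption: any address here is a weaker signal

# Constructed sample messages (not real mail).
SAMPLE_LURE = (
    "From: Trusted Contact <friend@example.com>\n"
    "To: hhhhhhhhhhhhhhhh@mailinator.com\n"
    "Subject: Shared document (constructed sample)\n\nOpen in Docs\n"
)
SAMPLE_BENIGN = (
    "From: Trusted Contact <friend@example.com>\n"
    "To: Victim <victim@example.com>\n"
    "Subject: Lunch (constructed sample)\n\nNoon?\n"
)


def visible_recipients(msg):
    """Lower-cased addresses from the To and Cc headers."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(headers) if addr}


def check_message(raw, mailbox_owner):
    """Return the reasons a message matches the lure the article describes."""
    rcpts = visible_recipients(message_from_string(raw))
    reasons = []
    if LURE_TO in rcpts:
        reasons.append("to-is-known-lure-address")
    elif any(a.endswith("@" + LURE_DOMAIN) for a in rcpts):
        reasons.append("to-is-mailinator-address")
    # The real recipient was only in BCC, so the owner is absent from To/Cc.
    if reasons and mailbox_owner.lower() not in rcpts:
        reasons.append("owner-only-in-bcc")
    return reasons


if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(name, check_message(raw, "victim@example.com"))
```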
