A sophisticated malware has been making the rounds online. Over the past few days, Google users have been complaining about being subjected to phishing. Disguising themselves as emails, ads, or websites, phishing scams ask users to provide personal information such as usernames, passwords, social security numbers, bank account data, or birthdays.
Image : shutterstock
Several users have received an email from a contact in their list, asking them to click on a given link to be opened in Google Docs. The mail is addressed to ‘firstname.lastname@example.org’ and blind-copied to the users. When opened, a bogus third-party app is granted access to the email IDs of all the contacts in the user’s list. Consequently, everyone in their contact list receives this spam email. These users also opened it, further continuing the chain. Some have reportedly also compromised their passwords and personal information.
Google, for its part, has reported that it is aware of the problem and is doing its best to fix it. “We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again,” a spokesperson said in a statement.
The company has also declared that according to its policy, it never asks for personal information such as bank details, passwords, social security numbers, and more along these lines. It discourages users from giving out such personal information in response to any email, link, or survey that they may receive from ‘Google’. It also added that in case its users do receive such suspicious messages, they should report them without a second’s thought. The reason this particular scam is deemed sophisticated is due to the fact that it is working within Google’s system with a third-party web app that has a deceptive name.
To ensure that you do not fall trap to this scam mail, for the next few days whenever you do receive a link to open a document in Google Docs from a contact, you should check with him or her, outside Google, whether they actually sent it to you. In case you are one of the unlucky few who have clicked on the link, then some of the immediate steps you can take is to disconnect from the Wi-Fi, back up your personal data, and then reconnect with Wi-Fi to run a malware scan to see if any information has been compromised. If you want to be more cautious, then you can even change the passwords of your Facebook, Instagram, and Snapchat IDs as well.