Gmail users, beware: A sophisticated phishing scam targeting Google’s 1 billion active email users worldwide is making the rounds. The malicious email campaign impersonates Google Docs.
According to the New York Times, Google says it has already disabled the accounts responsible for sending out the phishing scam. The tech giant also updated its systems to block similar attacks.
Still, it’s estimated that as many as 1 million users have been impacted by the scam, Business Insider reports.
Here are four things you should know about the Google Doc scam:
How does it work? The scam involves an email from someone posing as a friend or trusted contact. The email encourages you to check out an attached Google Docs file. Once you click the link, you are asked to give the sender access to your Google contact list and Google Drive. Then, the nasty worm sends itself to your entire contact list, “reproducing itself hundreds of times any time a single user fell for it,” NBC News reports.
Who is impacted? Google estimates the phishing scam has impacted fewer than 0.1 percent of its email users, but that would be about 1 million people.
What should you do if you have Gmail? Don’t click on a Google Docs file unless you can verify that it’s a real file. According to the New York Times:
Spammers, cybercriminals and, increasingly, nation-state spies are resorting to basic email attacks, known as spear phishing, which bait victims into clicking on links that download malicious software, or lure them into turning over their user names and passwords.
What should you do if you already clicked on the Google doc? The New York Times says you should go to your Gmail account’s permissions and simply revoke access to Google Docs. It’s also a good idea to change your account password. Then make sure you report the phishing attack to Google by selecting the down arrow at the top right of your Gmail inbox and clicking on “report phishing.
Have you ever been hacked? Share your thoughts below or on Facebook.