The point of the email is deception: if you fall for it, you hand the keys to your Gmail account to the bad guy who sent it. Remember, it was a phishing attempt that DNC head John Podesta fell for, leading to his email correspondence being leaked.
"The counter-measures Google described are likely to stop the spread of the phishing attack but, as one security expert points out, the attacker has already had time to harvest millions of email addresses via victims' Gmail contact lists.
It seems such scams targeting Google accounts are becoming more common in recent months. As my colleague Robert Hackett reported in January in the article Everyone is falling for this frighteningly effective Gmail scam, hackers (usually posing as a trusted contact) have been sending around booby-trapped documents that look like ordinary PDFs."
To read more, please see the links below on Fortune's website.
A Massive Google Docs Phish Might Have Stolen A Load Of Gmail Accounts - UPDATED
https://www.forbes.com/sites/thomasbrewster/2017/05/03/massive-google-gmail-phish-many-victims/#1bbaa89b42a1
http://fortune.com/2017/05/03/google-docs-scam/
What to do (from the first article link)
"For anyone who remains concerned, there are steps they can take. First, it's possible to note the phishing attempt by just looking at the message. It'll typically say something like: "Mr. Attacker has invited you to view the following document." And the recipient will be in the BCC field. That's the first clue something phishy is going on, added to the fact that the only other visible email address in the to field is hhhhhhhhhhhhhhhh@mailinator[.]com, a temporary account on Mailinator.
Then, go to https://myaccount.google.com/permissions and revoke any permissions given to an app called Google Docs. This should prevent any problems, just in case Google hasn't managed to get rid of the app already.
And in the future, if you're not expecting a Google Doc and a link looks suspicious, don't click through before validating with the sender that it's legitimate.
There is, sadly, one big problem for victims who clicked through: the attacker could have automated their scam (likely, given how they carried out the illicit operation) and hoovered up all their Gmail already. In this case, there's not much to be done other than hope nothing sensitive was stolen or that proactive measures are being taken against those who perpetrated the hack."
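The clues in the quoted advice (the recipient only in BCC, a Mailinator address in the To field, the "invited you to view" wording) can be checked mechanically when sorting through a mailbox. The Python below is an added example, not code from either article; the sample messages, the triage function and its indicator names are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses

# Constructed sample messages, not real captures. The To address is the one
# quoted in the article, written without the [.] defanging so it parses.
PHISH = """\
From: Mr. Attacker <attacker@example.com>
To: hhhhhhhhhhhhhhhh@mailinator.com
Subject: Shared document (constructed sample)

Mr. Attacker has invited you to view the following document.
"""
BENIGN = """\
From: Colleague <colleague@example.org>
To: victim@example.org
Subject: Meeting notes (constructed sample)

Notes from today are attached.
"""

INVITE_RE = re.compile(r"has invited you to view the following document", re.I)
DISPOSABLE_DOMAINS = {"mailinator.com"}  # the domain named in the article

def triage(raw: str, mailbox: str) -> list[str]:
    """Return which of the article's clues a raw RFC 5322 message matches."""
    msg = message_from_string(raw, policy=policy.default)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    visible = [addr.lower() for _, addr in getaddresses(headers)]
    hits = []
    # Clue 1: the mailbox owner is not a visible recipient, so delivery was via BCC.
    if mailbox.lower() not in visible:
        hits.append("recipient-only-in-bcc")
    # Clue 2: a visible recipient sits on a throwaway-mail domain.
    if any(a.rpartition("@")[2] in DISPOSABLE_DOMAINS for a in visible):
        hits.append("disposable-address-in-to")
    # Clue 3: the invitation wording quoted in the article.
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None and INVITE_RE.search(body.get_content()):
        hits.append("invite-wording")
    return hits

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(name, triage(raw, "victim@example.org"))
```

BCC delivery on its own is normal for mailing lists, so treat a message as suspect only when the clues combine.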