It was revealed yesterday that a major phishing scam had been spreading on Gmail as a fake Google Doc file that could hijack a user’s email account. Google has now released an official statement on the matter and has updated its Gmail app for Android with a built-in anti-phishing security feature.
Google addressed the issue on its Gmail Twitter page and said that it was investigating the Google Doc phishing scam within Gmail. “We encourage you not to click through, and report as phishing within email,” Google stated.
The phishing scam was first revealed on Twitter when users noticed they had received an email from someone they know attempting to share a Google Doc file. Clicking on the file will give the attacker access to the user’s Gmail account. The sophisticated attack came from a third-party app called Google Docs, which wasn’t developed by Google.
“We have taken action to protect users against email impersonating Google Docs and have disabled offending accounts,” Google said on its official Google Docs Twitter page. “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.”
Although it seems that Google has already taken action on this latest breach of email security, users are still encouraged to report any suspicious email that may be part of this sophisticated phishing scam. Reporting it will help Google ensure that this will be stopped for good.
Google has also sent out an update to its Gmail app for Android. The update includes an anti-phishing security check that informs users if an email might include suspected phishing attempts.
The security check works when a user taps on a link within an email that they’ve received on the Gmail app. If the link is suspected to be a phishing attack, the Gmail app will show a warning page telling users that the site that they’re trying to view has been identified as a forgery. Users will still have the option to continue to the site, and they can also report to Google that it was wrongfully identified as a phishing site.
The warning page that will appear on the Gmail Android app if users tap on a link that's suspected to be a phishing site.
"While not all affected email will necessarily be dangerous, we encourage you to be extra careful about clicking on links in messages that you’re not sure about. And with this update, you’ll have another tool to make these kinds of decisions," Google said in its blog post.
The warning page looks similar to the one used on Gmail’s desktop site, which first rolled out just last year. Judging from the way the warning page looks, Google also appears to be using its Safe Browsing database, as observed by Android Police. Google’s Safe Browsing database collects websites that are known to host malware or try to trick people into giving up their personal information.
Unfortunately, the update to the Gmail Android app might not even help in curbing yesterday’s sophisticated phishing attack. The fake Google Docs link will actually redirect users to Google’s own website, as pointed out by Engadget.
It wasn’t made clear if the update to the Gmail app for Android is Google’s direct response to yesterday’s phishing attacks, or if its scheduled rollout is a coincidence. Still, it’s good to see that Google is taking every precaution it can to protect its users.