A new and elaborate email phishing technique is wreaking havoc on the internet these days, using an email service as popular as Gmail. Employees of several companies that use Google for their work are suffering the consequences, as are private Gmail users.
Watch out, because this phishing can happen on your computer, whatever operating system it runs, and on Apple or Android devices: it targets your Google email account, so it can reach you on your iPhone or iPad through the browser, the native mail app or Google’s own app. Read on to see how it works and be forewarned.
How this Gmail phishing works
It all starts with an email from a known contact saying that this person has shared a Google document with you; you can click on it to view, download or modify it, or add it to your Drive. So far, everything looks normal.
Innocently, you click and are redirected to a legitimate Google page where everything seems so secure that you are asked to re-enter your email and password. As always, you choose your account from the ones on your device and proceed.
At that moment a page that looks genuine appears, in which an app called Google Docs asks for authorization to manage your emails. And with that you have fallen into the trap, because the Google Docs app is now authorised to read, send and delete emails … but it does not belong to Google; it is controlled by hackers. From this moment, many emails will be sent from your account to your contacts to spread the phishing.
You can imagine the terror of hackers having control of your account: personal and professional matters, passwords for other sites like Apple, Amazon, Facebook and Twitter, access to your photos and files … Everything you have communicated through Gmail is potentially at risk.
How to protect yourself from this phishing
To protect yourself, for now all you can do is delete any email that offers you a link to a Google Doc unless you can personally verify that the person who sent it did so deliberately. If you’ve already clicked on the link, you should turn on two-factor verification on as many sites as you can, so that signing in requires another device.
An additional step is to remove this fake Google Docs app’s permissions from your Google account. Go to myaccount.google.com, to the section Sign-In and Security > Connected Apps. From there, review which apps have permission and delete any that look strange.
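The review of connected apps described above can be written down as a check. This is an added example, not part of the original article: it flags apps that hold mail permissions or that use a Google product name without being published by Google. The record layout (name, publisher, scopes), the name list and the sample data are assumptions made for illustration.

```python
import unicodedata

# Gmail OAuth scopes that let an app read, send or delete mail.
MAIL_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.send",
}
# Product names a fake app might copy (assumed list; extend as needed).
GOOGLE_NAMES = {"google docs", "google drive", "google sheets", "gmail"}

def normalize(text):
    """Fold case, Unicode compatibility forms and extra spaces before comparing."""
    return " ".join(unicodedata.normalize("NFKC", text).casefold().split())

def review_grants(grants, trusted_publishers=("google",)):
    """Return [(app name, [reasons])] for grants that deserve a manual look.

    Each grant is a dict with hypothetical keys: name, publisher, scopes.
    'publisher' is assumed to be a verified value, not the app's own claim.
    """
    findings = []
    for grant in grants:
        reasons = []
        mail = sorted(MAIL_SCOPES & set(grant["scopes"]))
        if mail:
            reasons.append("can access mail: " + ", ".join(mail))
        trusted = normalize(grant["publisher"]) in trusted_publishers
        if normalize(grant["name"]) in GOOGLE_NAMES and not trusted:
            reasons.append("Google product name, publisher " + grant["publisher"])
        if reasons:
            findings.append((grant["name"], reasons))
    return findings

# Constructed sample data, not taken from a real account.
SAMPLE_GRANTS = [
    {"name": "Google Docs", "publisher": "dev@example.com",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts"]},
    {"name": "Calendar Sync", "publisher": "Example Tools",
     "scopes": ["https://www.googleapis.com/auth/calendar"]},
    {"name": "Mail Archiver", "publisher": "Example Backup",
     "scopes": ["https://www.googleapis.com/auth/gmail.readonly"]},
]

if __name__ == "__main__":
    for name, reasons in review_grants(SAMPLE_GRANTS):
        print(name, "->", "; ".join(reasons))
```

An app that is flagged only for mail access may still be one you installed on purpose, such as a backup tool; the name mismatch is the stronger sign of an impostor.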