Google has confirmed that Google Docs users were hit by a major phishing attack which arrived in users inbox posing as an email from a trusted contact and asked users to check a Docs file. The fast spreading phishing attack has targeted around 100 crore users.
[HTML1]
Google has confirmed it has now fixed the phishing attack and they are working on preventing similar attacks moving forward. The phishing attacked asked users to click on the fake Google Doc link to view a document following which they are taken to a real Google page prompting you to select an account following which they are taken to a new page asking that they allow “Google Docs” to access the account.
The attack bypasses two-factor authentication and login alerts. This provides the hackers access to the contents of their Google accounts, including email, contacts and online documents. Take a look at this Reddit post to know more about the phishing attack. If you did happen to click on the malicious link and allowed attackers into your account, you can revoke that access by heading to Google permissions page. You can just revoke the permission to the app titled Google Docs and then change your password.
Meanwhile, Google has released a new security feature in Gmail on Android for a safer email experience. When you click on a suspicious link in a message, Gmail will show a warning prompt helping you keep your account safe. Google is advising users to be extra careful about clicking on links in messages that you are not sure about.