Gmail users warned of phishing email with malicious link
The hackers use known contacts to gain access
Alphabet Inc. warned its users to beware of emails from known contacts asking them to click on a link to Google Docs after a large number of people turned to social media to complain that their accounts had been hacked.
"We are investigating a phishing email that appears as Google Docs," the company tweeted from its Google Docs account on Wednesday. "We encourage you to not click through and report as phishing within Gmail."
(1 of 3) Official Google Statement on Phishing Email: We have taken action to protect users against an email impersonating Google Docs... — @googledocs
(2 of 3) & have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team... — @googledocs
(3 of 3) is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail. — @googledocs
Google said on Wednesday that it had taken steps to protect users from the attacks by disabling offending accounts and removing malicious pages.
"Our abuse team is working to prevent this kind of spoofing from happening again," the company said in an email to Reuters.
Users are asked to click on a link to view a document, which provides the hackers access to the contents of their Google accounts, including email, contacts and online documents, according to security experts who reviewed the scheme.
"This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party," said Justin Cappos, a cyber security professor at NYU Tandon School of Engineering.
Cappos said he received seven of those malicious emails in three hours on Wednesday, an indication that the hackers were using an automated system to perpetrate the attacks.
He said he did not know the objective, but noted that compromised accounts could be used to reset passwords for online banking accounts or provide access to sensitive financial and personal data.
Google did not respond to requests for comment beyond its tweet. Other security experts said that victims should remove the hackers from their accounts as soon as possible.
"The point of the attack isn't clear yet, but it could be a precursor to some larger attack they're planning," said Matthew Gardiner, a security expert with email security firm Mimecast.