Yesterday, a phishing attack appeared out of nowhere and spread to inboxes around the world. Rather than exploiting a software bug, the attack abused Google’s own OAuth app-authorisation flow, the legitimate mechanism that lets a third-party app ask for access to a Google account, to take control of users’ Gmail accounts and send the same phishing link to everyone in their address books. The result was a worm that spread like wildfire: according to Google, a million accounts were compromised in just one hour.
The attack started with an email, sent from a known contact, inviting you to click a link to see a Google Doc they had shared with you. Google does send an email when a contact shares a Google Doc, so it is not an unusual email to receive.
Clicking the link took you to a genuine Google sign-in and consent page, not a fake one. That page asked you to authorise an app called “Google Docs” to read, send and delete your emails and to access your contacts. That was the trick: the “Google Docs” app was not Google’s. The attacker had registered their own app under that name, and the consent page simply displays whatever name the developer chose. Because you were already signed in, no password was typed and no password was stolen; what you handed over was an access token that let the attacker’s app act on your mailbox.
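To see what such a consent link actually carries, here is an added example (not from the original article and not Google’s code) that parses a Google OAuth consent URL and reports the app’s client ID, the scopes it requests and the host the authorisation is sent back to. The sample URL, the client ID and the redirect host are constructed for illustration; the scope identifiers are Google’s real ones. The point it makes is that the app name shown on the consent page is not in the link at all, while the scopes and the redirect_uri are.

```python
"""Triage an OAuth consent link of the kind used in the "Google Docs" campaign.

Added example, not code from the article or from Google. The app name shown on
the consent screen comes from the app's registration, so it cannot be checked
from the link; the scopes and the redirect_uri can be.
"""
from urllib.parse import urlparse, parse_qs

# Google's real Gmail and Contacts scope identifiers, with a plain-English label
# for what each one lets an app do.
MAILBOX_SCOPES = {
    "https://mail.google.com/": "full mailbox access (read, send, delete)",
    "https://www.googleapis.com/auth/gmail.modify": "read, send and delete mail",
    "https://www.googleapis.com/auth/gmail.send": "send mail as the user",
    "https://www.googleapis.com/auth/gmail.readonly": "read all mail",
    "https://www.googleapis.com/auth/contacts.readonly": "read the address book",
}

# The host that serves Google's genuine consent screen. A look-alike such as
# accounts.google.com.example.invalid must not match, so compare exactly.
GOOGLE_CONSENT_HOST = "accounts.google.com"


def parse_consent_url(url: str) -> dict:
    """Pull the security-relevant fields out of an OAuth authorisation URL."""
    parsed = urlparse(url)
    params = parse_qs(parsed.query)

    def first(key: str) -> str:
        return params.get(key, [""])[0]

    return {
        "genuine_consent_page": parsed.scheme == "https"
        and parsed.hostname == GOOGLE_CONSENT_HOST,
        "client_id": first("client_id"),
        # scope is a single space-separated parameter
        "scopes": first("scope").split(),
        # where Google will send the authorisation code or token
        "redirect_host": urlparse(first("redirect_uri")).hostname or "",
    }


def triage(url: str) -> dict:
    """Classify the link: fake page, real page asking for the mailbox, or benign."""
    info = parse_consent_url(url)
    info["risky_scopes"] = {
        s: MAILBOX_SCOPES[s] for s in info["scopes"] if s in MAILBOX_SCOPES
    }
    if not info["genuine_consent_page"]:
        info["verdict"] = "not-google"       # ordinary credential-phishing page
    elif info["risky_scopes"]:
        info["verdict"] = "mailbox-access"   # real consent page, app wants the mailbox
    else:
        info["verdict"] = "low-risk"
    return info


# Constructed sample: a genuine consent link whose app asks for the whole mailbox
# and the address book, and sends the grant to a non-Google server. The client
# ID and the redirect host are invented for this example.
SAMPLE_URL = (
    "https://accounts.google.com/o/oauth2/auth"
    "?client_id=000000000000-example.apps.googleusercontent.com"
    "&redirect_uri=https%3A%2F%2Fdocs.example.invalid%2Fcallback"
    "&response_type=code"
    "&scope=https%3A%2F%2Fmail.google.com%2F"
    "+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcontacts.readonly"
)

if __name__ == "__main__":
    result = triage(SAMPLE_URL)
    print("verdict:      ", result["verdict"])
    print("client_id:    ", result["client_id"])
    print("grant goes to:", result["redirect_host"])
    for scope, meaning in result["risky_scopes"].items():
        print("  asks for:   ", meaning, f"({scope})")
```

A “mailbox-access” verdict is not proof of malice, since a real mail client asks for exactly the same scopes; what it tells you is that the decision on the consent page is about the whole mailbox, not about one document, and that the grant will be delivered to whatever server sits behind the redirect_uri. The host check is deliberately an exact match so that look-alike domains containing “accounts.google.com” are not accepted.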
Speaking to the BBC, Google said it had removed the attack “within approximately one hour” by “removing fake pages and applications”.
“While contact information was accessed and used by the campaign, our investigations show that no other data was exposed,” Google said. “There’s no further action users need to take regarding this event; users who want to review third-party apps connected to their account can visit Google Security Checkup.”
However, in the hour it took Google to shut down the attack, a million users had granted the app access. Google says only contact information was taken, but the grant itself gave the attacker’s app permission to read, send and delete mail for as long as the token remained valid. That matters because Gmail is often the recovery address for other accounts, such as Amazon, Apple or Facebook, and anyone who can read your mail can reset those passwords. Users who approved the app should check Google Security Checkup to confirm it no longer appears under connected apps, keep a close eye on important services over the next few days, and enable two-factor authentication. Two-factor authentication would not have blocked this particular attack, since the grant was made from an already signed-in session and no password was involved, but it does protect against the password-reset and credential-reuse attacks that usually follow a mailbox compromise.