Earlier this year, a nasty and somewhat sophisticated phishing scam targeting Google users began spreading rapidly. The phishing campaign worked by sending unsuspecting users a message indicating that someone from within their contacts list had shared a Google Doc with them. An accompanying link would then whisk users away to an actual sign-in page from Google whereby they were then prompted to authorize a fake app masquerading as “Google Docs.” Once authorized, the folks behind the campaign were able to attain access to a user’s emails and contact list and cause all sorts of harm.
In the wake of that attack, Google has begun implementing additional security features to prevent similarly designed phishing schemes from gaining traction. First and foremost, any time a user encounters an unverified app seeking to link itself to Google’s own apps, users will be presented with a warning indicating that the app is unverified.
“These new notices will inform users automatically if they may be at risk,” Google said in a new blog post, “enabling them to make informed decisions to keep their information safe, and will make it easier to test and develop apps for developers.”
Google also notes:
In the coming months, we will continue to enhance user protections by extending the verification process beyond newly created apps, to existing apps as well. As a part of this expansion, developers of some current apps may be required to go through the verification flow.
The new security measure can be seen below.