Intrepid hackers on Wednesday initiated a highly sophisticated Google Docs phishing attack that spread like wildfire. Using Google’s own services, the hackers were able to trick users into clicking on what seemed like a valid Google Docs link. That’s how they were able to ready your Gmail and then forward the attack to everyone you’ve ever emailed. That’s what made the attack so efficient, and so viral, as people are more likely to click on links received from people they know.
While we have already told you how to fix the problem yourself, you should know that Google eliminated this threat. That’s right, Google fixed the problem for now. Copycat attacks may still happen at least until Google issues a permanent fix in place.
— Google Docs (@googledocs) May 3, 2017
“We have taken action to protect users against an email impersonating Google Docs and have disabled offending accounts,” Google said in a series of tweets. “We’ve removed the fake pages pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”
The language there is pretty clear. This sort of attack is still possible, but don’t be alarmed just yet. As long as you question everything in your inbox that looks shady you should be fine. It’s really easy to check whether your friends or work colleagues sent you that email or not.
In addition to issuing a formal comment to address the matter, Google also provided Gmail users with a link to perform a quick Security Checkup and see if they were affected. Just visit this link to get started.