The Leading News & Information Service For The Facilities, Workplace & Built Environment Community

Monday, 16 September

What's Up Docs?

A Google spokesperson has told ThisWeekinFM: “We realise people are concerned about their Google accounts and we're now able to give a fuller explanation after further investigation.

"We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1% of Gmail users.

"We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems.

A phishing scam email had reached over a million Google Docs users - it contained a linked that would have allowed those behind the scam to hack into email accounts. Google said it acted incredibly quickly - within an hour of first becoming aware of the problem. However, the reaction indicates just how authentic looking the scam was.

Our spokesperson continued: "We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.”

Those who were potentially at risk had been send a 'shared document' and asked to edit it (one of the popular Google Doc functions is the ability to collaborate and edit shared documents). The document was actually hosted on a real Google Docs page but had been placed there by a phoney which asked for access to email account data (which would then lead to the victim's contacts being emailed with the same scam). The sophistication of the scam involved the data being automatically collected via an app once permission had been given by the victim.

Picture: A phishing scam email reached over a million Google Docs users - it contained a linked that would have allowed those behind the scam to hack into email accounts

Article written by Robin Snow

Share



Related Articles

Do You Do Data? EU GDPR to Enter British Law

In a statement of intent (made on Monday 7), the government has committed to updating and strengthening data protection laws through a new Data Protection Bill. The...

 Read Full Article
If Dolly Can Be Hacked, What About The Hand Dryer?

  Connected toys with Bluetooth, wi-fi and mobile apps may seem like the perfect gift for Christmas. But Which? has found that, without appropriate safety...

 Read Full Article
Yahoo Cyber Breach Was Bigger

Yahoo has announced (week ending Oct 6) that it is providing notice to additional user accounts affected by an August 2013 data theft previously disclosed by the company...

 Read Full Article
Logins Could be a Rotten Affair

Relying on 'auto-fill' to complete the login process for websites as well as storing bank card details to shopping sites such as eBay and Amazon can make for...

 Read Full Article
Get Safe Online Week 2015

The UK public has been left feeling vulnerable following an increase in highly personalised cybercrimes according to Get Safe Online, the joint public private internet...

 Read Full Article
Count-down to Disaster - NCA Opens Two Week Window to Prevent UK-wide ŁMillions Fraud

The UK's national Crime Agency (NCA) yesterday announced a two week opportunity to reduce a threat from a powerful new computer attack. It urged businesses and...

 Read Full Article
Andromeda Strained - International Cyber Op Dismantles Botnet

On November 29, the Federal Bureau of Investigation, in close cooperation with the Luneburg Central Criminal Investigation Inspectorate in Germany, Europol’s...

 Read Full Article
McDonalds Security Contractor In 'Remove Your Hijab' Scandal

Thursday evening, November 30, McDonalds Restaurants discovered the hard way that a relationship with a contractor - in this case, employing cheap, untrained security...

 Read Full Article
Uber And The Cyber Nightmare Ride

In an unprecedented move, the National Cyber Security Centre has commented specifically on the Uber data breach - with a coded reference to the fact that Uber tried to...

 Read Full Article
FTSE 350 - General Data Protection Awareness Good

The Government will soon be introducing its new Data Protection Bill to Parliament. With this almost certain to come into effect next May, implementing the General Data...

 Read Full Article