According to Google, the attacker only managed to make off with contact information

The company says it blocked the sophisticated exploit in approximately an hour

Google has tackled a sophisticated phishing attack designed to trick users into exposing their accounts to cyber criminals.

The web giant says it managed to stop the attack within “approximately one hour”, and claims that fewer than 0.1 per cent of Gmail users were affected.

The scam worked by sending users an invitation to edit an innocent-looking Google Doc, which appeared to have come from a trusted contact. 

Clicking it would take you to a Google page prompting users to permit a legitimate-looking service, called Google Docs, to access their email data.

The party behind the attack could then take over an account and distribute the links to even more email addresses.

According to Google, the attacker only managed to steal contact information, and Gmail users don’t need to take any further action to protect themselves.

That said, this isn’t the first convincing Gmail scam we’ve seen over recent months, and users should remain vigilant and only click on links they know to be safe.

It’s also worth visiting Google’s Security Checkup page to review account permissions.

Another Gmail phishing attack spotted in January tricked users by analysing and mimicking their past messages, and using the data to compose convincing emails. 

Google has also released a security update for the Android version of its Gmail app, designed to protect users from phishing attacks.

“When you click on a suspicious link in a message, Gmail will show a warning prompt helping you keep your account safe,” the company announced.

The update is being rolled out gradually, and should be available to most users this week.

Comments