Home / / Google Gmail hack: what to do now

Google Gmail hack: what to do now

A massive phishing attacks has left Gmail users and their contacts vulnerable

Google Gmail hack: what to do now
The phishing message was sent directly to users' inboxes from a trusted contact and also looked like a typical Google Doc link.

Last week a sophisticated phishing campaign targeted Google and affected over one billion Gmail account holders worldwide.

The attack, which was confirmed by Google, enabled hackers to invade Gmail accounts and access personal and sensitive information.

The phishing message was sent directly to users' inboxes from a trusted contact and also looked like a typical Google Doc link. Users who clicked onto the link were then faced with a Google security page and were asked to provide permission which then saw the accounts being compromised.

Users who did not click on the link were not affected.

To add, those who had clicked had unintentionally spread the attack to their contacts whether on Gmail or otherwise.

Google said on Twitter: "We are investigating a phishing email that appears as Google Docs. We encourage you to not click through & report as phishing within Gmail.

"We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts.

‘We've removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.'

Despite the email appearing genuine, there is a way to detect whether the email is malicious. The sender also included a fake email address - hhhhhhhhhhhhhhhh@mailinator.com - as the main recipient.

If this is the case, users must report the email as phishing by clicking the down arrow beside the reply button and selecting ‘Report Phishing' and then deleting it.

However if users clicked on the link, it is important not to grant permission when requested.

In the worst case scenario, if users have granted permission, immediately access the Google connected sites console and revoke access to Google Docs. And of course, change your Google password.

Related: Tips and tricks to secure your password

Follow us to get the most comprehensive technology news in UAE delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.