Google Gmail hack: what to do now
A massive phishing attacks has left Gmail users and their contacts vulnerable
Last week a sophisticated phishing campaign targeted Google and affected over one billion Gmail account holders worldwide.
The attack, which was confirmed by Google, enabled hackers to invade Gmail accounts and access personal and sensitive information.
The phishing message was sent directly to users' inboxes from a trusted contact and also looked like a typical Google Doc link. Users who clicked onto the link were then faced with a Google security page and were asked to provide permission which then saw the accounts being compromised.
Users who did not click on the link were not affected.
To add, those who had clicked had unintentionally spread the attack to their contacts whether on Gmail or otherwise.
Google said on Twitter: "We are investigating a phishing email that appears as Google Docs. We encourage you to not click through & report as phishing within Gmail.
"We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts.
‘We've removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.'
Despite the email appearing genuine, there is a way to detect whether the email is malicious. The sender also included a fake email address - firstname.lastname@example.org - as the main recipient.
If this is the case, users must report the email as phishing by clicking the down arrow beside the reply button and selecting ‘Report Phishing' and then deleting it.
However if users clicked on the link, it is important not to grant permission when requested.
In the worst case scenario, if users have granted permission, immediately access the Google connected sites console and revoke access to Google Docs. And of course, change your Google password.