Following the events of the past week involving a high-speed worm that traveled the net as a Google Doc, the company has a new announcement for its users.
A few days after one million Google accounts underwent a Google Docs phishing scam, people have become anxious on what accounts they need to sync with their Google so that they aren't victims of online hacking. Granting such authorization, will give the sender [hacker] the permission to read, send, delete and manage email, as well as manage contacts.
Earlier reports suggested the attack was a phishing scam potentially aimed at harvesting personal information and maybe even Google login credentials. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed.
"In addition, we're taking multiple steps to combat this type of attack in the future", said Google. It removed the fake pages and applications, and it pushed updates through Safe Browsing, Gmail and other anti-abuse systems. Google previous year put the number of active monthly Gmail users at more than 1 billion. But it's a good excuse to check your Google account to verify everything connected to it. This is done via having an end-user who's already logged in so he may allow the scammer acquire admission into one harmful app pretending to be Google Docs.
Google allows for a Two-Step Verification when signing in, which makes it more hard for someone to sign in, even if your password is compromised. I apparently haven't used any of the app-specific passwords I created since 2015, so I can probably delete them all.
When victims clicked on the web-link they saw a page which appeared nearly exactly like one genuine Google login page.
He said the hackers had also pointed some users to another site, since taken down, that sought to capture their passwords. If an email message ever feels wrong, navigate to a linked Web page manually rather than clicking through from the message. The vast majority of email that lands in your Inbox is entirely innocuous, and worrying about a phishing attack every time you open a message is no way to live.