Google is investigating an email scam making way through inboxes across the country and had disabled the accounts as they are now being tied to accounts that are responsible for the spam.
The virus, which is an attack on a Google users account, emerged Wednesday afternoon, when spammers dispatched a malicious email, appearing to come from people the recipients knew, asking them to click on what appeared to be a Google document.
Those who clicked on the links were prompted to give the sender access to their Google contact lists and Google Drive. In the process, victims allowed spammers to raid their contact lists and send even more email. As of this time, it is unclear who created the spam email or how many have been affected.
Google stated earlier today that it had disabled the accounts responsible for the spam, updated its systems to block the virus, and is working on ways to prevent such an attack from recurring or a similar attack from happening again in the future.
If you receive suspicious email, here are some tips:
1. Do not click! Stay away!
Even when you receive links from trusted contacts, be careful what you click. Spammers, cyber-criminals and, increasingly, nation-state spies are resorting to basic email attacks, known as spear phishing, which bait victims into clicking on links that download malicious software, or lure them into turning over their user names and passwords.
A quarter of phishing attacks studied last year by Verizon were found to be nation-state spies trying to gain entry into their target’s inboxes, up from the 9 percent of attacks reported in 2016.
In this case, the malicious emails all appeared to come from a contact, but were actually from the address “firstname.lastname@example.org” with recipients BCCed.
2. Turn on multi-factors authentication.
Google and most other email, social media and banking services offer customers the ability to turn on multifactor authentication. Use it. When you log in from an unrecognized computer, the service will prompt you to enter a one-time code texted to your phone. It is the most basic way to prevent hackers from breaking into your accounts with a stolen password.
3. Shut it down.
If you accidentally clicked on the Google phishing attack and gave spammers third-party access to your Google account, you can revoke their access by following these steps:
Go to https://myaccount.google.com/permissions
Revoke access to “Google Docs” (the app will have access to contacts and drive).
4. Change your passwords … again.
If you’ve been phished, change your passwords to something you have never used before. Ideally, your passwords should be long and should not be words that could be found in a dictionary. The first things hackers do when breaking into a site is use computer programs that will try every word in the dictionary. Your email account is a ripe target for hackers because your inbox is the key to resetting the passwords of, and potentially breaking into, dozens of other accounts.
Make your password long and distinctive. Security specialists advise creating anagrams based on song lyrics, movie quotations or sayings. For example, “The Godfather” movie quotation “Leave the gun. Take the cannoli,” becomes LtG,tTcannol1.
5. Report it.
Report any phishing attacks to Google by clicking the downward arrow at the top right of your inbox and selecting “Report Phishing.” Companies count on those reports to investigate such scams and stop them.
Good luck with your emails in the future!