
Gmail users hit by a malicious, fast-spreading phishing attack

CIOL Writers

Gmail users were hit by a massive, fast-spreading phishing attack on Wednesday that allowed attackers to access victims' contact lists and Gmail accounts and use them to spread the spam message widely.


The sophisticated attack arrived in users' inboxes posing as an email from a trusted contact and asked them to check out an attached "Google Docs" file. If the user clicked the "Open in Docs" button in the email, it took them to a legitimate Google sign-in screen that asked them to "continue in Google Docs".

Clicking through at that point granted a malicious third-party app permission to access the user's contacts and email, which is what allowed the spam to spread to additional contacts. The attack was simple but sinister, and it wreaked havoc for millions of Gmail users. The malicious link looked remarkably real and trustworthy: the email that delivered it appeared to come from someone the user already knew, and the payload rode on Google's real login and consent system rather than a fake one.

In an official statement, Google has confirmed it has now fixed the phishing attack. “We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts,” says a Google spokesperson. “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.”


Though Google has fixed the issue for now, it is still unclear just how sophisticated the attack was. The attackers were able to automate contact collection to spread the attack, and the fake web app also requested permission to read, send, delete, and manage mail in victims' Gmail accounts.
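The combination described above, a Google-looking app name plus mailbox and contact-list scopes, is exactly what an account owner or administrator should look for when reviewing connected third-party apps. The following is an added illustration, not code from the article or from Google: it audits a constructed list of OAuth grants (the scope URIs are real Google API scopes, the client ids and app names are made up, and the risk ratings are this example's own judgement).

```python
"""Audit third-party OAuth grants for the Google Docs phishing pattern:
a Google-product-like app name combined with mailbox and contacts access.
All sample grants below are constructed for illustration."""
from dataclasses import dataclass

# Real Google OAuth scope URIs; the risk labels are this example's own judgement.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/": "full Gmail access (read, send, delete, manage)",
    "https://www.googleapis.com/auth/gmail.modify": "read and modify mail",
    "https://www.googleapis.com/auth/gmail.send": "send mail as the user",
    "https://www.googleapis.com/auth/contacts": "read and write contacts",
    "https://www.googleapis.com/auth/contacts.readonly": "read contacts",
}

# Third-party apps whose display name mimics a Google product are a classic
# impersonation signal (Google's own products do not appear as third-party grants).
GOOGLE_PRODUCT_NAMES = {"google docs", "google drive", "google", "gmail"}

@dataclass
class Grant:
    app_name: str   # display name shown on the consent screen
    client_id: str  # OAuth client id of the third-party app (placeholder here)
    scopes: tuple   # scopes the user granted

def impersonates_google(app_name: str) -> bool:
    """True when a third-party app's display name matches a Google product name."""
    return app_name.strip().lower() in GOOGLE_PRODUCT_NAMES

def risk_findings(grant: Grant) -> list:
    """List human-readable findings for one grant; empty means nothing notable."""
    findings = []
    granted = [s for s in grant.scopes if s in HIGH_RISK_SCOPES]
    if impersonates_google(grant.app_name):
        findings.append(f"app name '{grant.app_name}' impersonates a Google product")
    # Mailbox access together with contact-list access is what let the campaign
    # propagate itself from each compromised account.
    has_mail = any("mail" in s for s in granted)
    has_contacts = any("contacts" in s for s in granted)
    if has_mail and has_contacts:
        findings.append("mailbox + contacts access: self-propagation capable")
    findings.extend(f"high-risk scope: {HIGH_RISK_SCOPES[s]}" for s in granted)
    return findings

def audit(grants) -> dict:
    """Return {client_id: findings} for every grant that produced a finding."""
    return {g.client_id: risk_findings(g) for g in grants if risk_findings(g)}

# Constructed sample grants (client ids are placeholders, not real values).
SAMPLE_GRANTS = [
    Grant("Google Docs", "CONSTRUCTED-CLIENT-1",
          ("https://mail.google.com/", "https://www.googleapis.com/auth/contacts")),
    Grant("Calendar Sync Helper", "CONSTRUCTED-CLIENT-2",
          ("https://www.googleapis.com/auth/calendar.readonly",)),
]
```

Running `audit(SAMPLE_GRANTS)` flags only the first grant, with four findings; the calendar-only grant produces none.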

In another statement issued late Wednesday night, Google assured Gmail users that, beyond contact info, no other sensitive data was gleaned from the attack and no further action is necessary to protect accounts:

"We realize people are concerned about their Google accounts, and we're now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1% of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup."