Google’s Phishing Scam

HaEun Park, Staff Writer

Even the most popular and advanced search engines have some mishaps. Recently, emerged from Google Docs, there’s been a scam reaching a million Google users.

Apparently, it all began with a link with instructions that many users clicked and followed. This allowed the hackers to access many email accounts. Users were then sent an invitation by an anonymous contact to edit a Google Doc. In the message, the email address hhhhhhhhhhhhhhhh@mailinator[.]com was copied, but the free email service provider, Mailinator, denied that they were involved. Once users clicked on “Open in Docs,” they were asked to allow an imposter, but seemingly real “Google Docs” for entry to their email account data. Thus, users granted access to the hackers to their email account, contacts, and online documents. This then sent another chain reaction since the harmful software wouldbe sent the link to all of the victim’s contacts.

Justin Cappos, a cyber security professor at New York University stated, “This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party.” PC World magazine said, “the scam was more sophisticated than typical phishing attacks, whereby people trick people into handing over their personal information by posing as a reputable company.” These hackers instead built a third-party app in order to gain entry to account date, avoiding the need to find out user’s login credentials.

Fortunately, Google was able to stop further spread of the link within an hour. In an updated statement, Google later stated that “While contact information was accessed and used by the campaign, our investigations show that no other data was exposed.” Regarding this event, Google users aren’t required to take further actions either, but “users who want to review third-party apps connected to their account can visit Google Security Checkup.”

Fancy Bear, a Russian hacking group, was accused of setting up this plan since they have also used similar methods in the past. However, Jaime Blasco, chief scientist at security provider AlienVault, told PC World, “I don’t believe they are behind this… because this is way too widespread.”

Although around one million users were affected, it still only rounds up to fewer than 0.1% of the total Google users. All in all, no serious harm was done to any of the victims, and Google was able to detect and shut down the scam fairly quickly. In the case, that this does occur again there is always an option to report phishing to Google when anyone has been sent a sketchy email. Although there was a quick recovery, it is still an important reminder for all of us to be cautious with any suspicious users or emails sent out to us.