Google phishing scam affects up to 1 million users

You would’ve thought that Google would have their cyber-security under control, but following Yahoo’s cyber-attack back in 2014, it seems that no company is safe.

In this case, a phishing email was sent out to nearly 1 million Gmail users. The email claimed to come from trustworthy contacts using Google Docs, a document sharing and editing service. It notified users that a document had been shared with them and invited them to open it. Upon clicking the “Open in Docs” button that was displayed, users were asked to give “Google Docs” permission to access their emails and manage their contacts.

Google Docs is a legitimate service provided by tech giant Google, but this particular hacker posed as Google Docs to gain access to users’ private information.

According to BBC News, people around the world reported getting multiple copies of the email, while some received the message from trusted organisations. On 3rd May, a spokesperson told NBC News that the vulnerability was exposed for about an hour and that it affected “fewer than 0.1% of Gmail users”. As Google has approximately a billion users, the affected users are suspected to amount to nearly 1 million.

Francisco Ribeiro, security engineer at Mimecast, offered an explanation for the sophisticated attack. He notes that it’s “hard to protect against” since the hacker appeared to create a custom Google app using the name “Google Docs” to trick people.
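For administrators, the trick described above (a third-party app that calls itself “Google Docs” and asks for email and contacts access) can be looked for in a list of the app permissions users have granted. The following is an added example, not code from Google or from any source cited here; the record layout, client IDs, protected-name list and approved list are all constructed for illustration.

```python
import unicodedata

# Constructed for illustration: names only the provider's own products should
# carry, and client IDs the organisation has approved (placeholder value).
PROTECTED_NAMES = {"google docs", "google drive", "gmail"}
APPROVED_CLIENT_IDS = {"approved-docs-addon.example"}

# Google OAuth scopes for full mailbox access and contact management.
SENSITIVE_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/contacts",
}

def normalise(name):
    """Fold case, compatibility forms (e.g. full-width letters) and spacing."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())

def audit_grants(grants):
    """Flag unapproved apps whose display name imitates a protected product."""
    findings = []
    for g in grants:
        if normalise(g["app_name"]) not in PROTECTED_NAMES:
            continue
        if g["client_id"] in APPROVED_CLIENT_IDS:
            continue
        risky = sorted(SENSITIVE_SCOPES & set(g["scopes"]))
        findings.append({
            "user": g["user"],
            "client_id": g["client_id"],
            "severity": "high" if risky else "medium",
            "risky_scopes": risky,
        })
    return findings

# Constructed sample records, shaped like an export of third-party app grants.
SAMPLE_GRANTS = [
    {"user": "alice@example.com", "app_name": "Team Calendar Sync",
     "client_id": "calendar-sync.example",
     "scopes": ["https://www.googleapis.com/auth/calendar"]},
    {"user": "bob@example.com", "app_name": "Google  Docs",
     "client_id": "unknown-app-1234.example",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts"]},
]

if __name__ == "__main__":
    for finding in audit_grants(SAMPLE_GRANTS):
        print(finding)
```

Only the second sample record is reported: its name matches a protected product once spacing and case are folded, its client ID is not approved, and it holds both mailbox and contacts scopes.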

Who was responsible for the cyber-attack?

A Twitter user, Eugene Pupov, took responsibility for the hack saying that it was created as a test for his project at Coventry University in the U.K. However, the bizarre tweet and account were both deleted and the university confirmed that there was never a student called Eugene Pupov enrolled at the university.

What information was accessed?

Google’s spokesperson stated that:

“…while contact information was accessed and used by the campaign, our investigations show that no other data was exposed.”

This doesn’t confirm exactly what was revealed or stolen by hackers. It could well be Google’s tactic to play down the effects and impact of the cyber-attack.

Investigations continue

Google released a statement on Twitter stating:

There have yet to be any conclusive findings on who was responsible for the attack, but the investigation continues.

Phishing scams

Phishing emails can be catastrophic. They’re usually created and sent with the hope of stealing money from the victim. Cyber-attackers can do this by installing malicious software on your computer or stealing personal information from it. Microsoft notes that cyber-attackers do this through ‘social engineering’: they convince an individual to install malicious software or hand over personal information under false pretences. As with many users, I’ve been subjected to multiple phishing emails. You might ask – what does a phishing email look like? They can sometimes contain the following:

  • Spelling/grammatical errors – professional companies will usually have better content.
  • Links in the email – to prompt you to click on them. This is where most individuals will fall foul. Once you’ve clicked the link, cyber-attackers can install and spread malicious software on your computer.
  • Threats, e.g. if you don’t do what they’re requesting, your account will be blocked.
  • From a well-known company – so you wouldn’t give a second thought to whether the email is, in fact, spam.

If you do receive a suspicious email from what seems like a reputable company, always check the sender. Most scammers will use an email address similar to that of the company they are pretending to be; however, as that domain is already taken, it will usually be slightly different. For example, entertainment provider Sky uses the email sky@email.contact.sky to send out mass emails, and a hacker may use the email sky.@email.contact.sky. Can you spot the difference? Sometimes it isn’t easy.

If you are still in doubt, contact the company yourself and simply ask them if they have sent that email. Most companies will be happy to know if phishing emails are being sent out on what looks like their behalf.
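The sender check described above can be automated by comparing an address against a list of known genuine senders and flagging near-misses. This is an added example, not code from the article or its sources; the known-sender list holds only the Sky address quoted above, and the distance threshold of 2 is an assumption.

```python
def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

# The genuine sender address quoted in the article; extend with your own list.
KNOWN_SENDERS = {"sky@email.contact.sky"}

def classify_sender(address, known=KNOWN_SENDERS, max_distance=2):
    """Return (verdict, matched_address, differing_part) for a sender address."""
    addr = address.strip().lower()  # compare case-insensitively
    if addr in known:
        return ("known", addr, None)
    for good in sorted(known):
        if edit_distance(addr, good) <= max_distance:
            # Report whether the change hides in the domain or before the "@".
            domain = addr.rpartition("@")[2]
            good_domain = good.rpartition("@")[2]
            part = "domain" if domain != good_domain else "local part"
            return ("lookalike", good, part)
    return ("unknown", None, None)

if __name__ == "__main__":
    for sender in ("sky@email.contact.sky", "sky.@email.contact.sky"):
        print(sender, "->", classify_sender(sender))
```

A “known” verdict only means the address text matches the list; it does not show that the message was really sent by that company.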

Sources:

https://www.microsoft.com/en-us/safety/online-privacy/phishing-symptoms.aspx
http://www.nbcnews.com/tech/security/who-s-behind-massive-gmail-phishing-attack-n754826
http://www.bbc.co.uk/news/technology-39845545
https://www.engadget.com/2017/05/06/google-explains-phishing-scam-defense/
https://www.wsj.com/articles/phishing-attack-hits-google-docs-1493853168

www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'