The web spreading a new way to hack Gmail

Today, many users Gmail night received notice that they were added to the list of editors of a certain document stored in Google Drive. This letter was exactly the same form as the standard notification service about rassharivaniya files. More persuasive letters attributed the fact that it was sent from one of the people whose address was available in the contact list.

Users without any fear followed the link to read the document. Here attackers prepared for them a phishing application that requests full access to e-mail. This application has been disguised as a Google Drive: had the same icon and name.

Next malicious applications requested him full access to e-mail. If the user agrees, then a flash, the worm sends itself to all addresses from the address book (which is why the letters come from the familiar contacts).

As a result, attackers gain complete control over mail. In particular, they can delete messages, to read them, and even send correspondence on behalf of the victim. They are worth nothing to reset the password to any service, tied to this mailbox, and thus take possession of it.

A few hours after the beginning of the epidemic, Google reported a hacker disabling applications masquerading as Google Drive. However, no one gives a guarantee that the attack will not happen again using a different bait.

We've addressed the issue with a phishing email claiming to be Google Docs. If you think you were affected, visit https://t.co/O68nQjFhBL. pic.twitter.com/AtlX6oNZaf

- Google Docs (@googledocs) May 3, 2017

How to protect yourself from phishing attacks of this kind?

First of all, try not to open rassharennye Google documents without full confidence that they really share with you a real person. Better to send too much email or call to accurately verify the harmlessness of the received invitation.

And do not forget to double-check the list of trusted applications, as we were advised to this article. As you can see, some of them can be really dangerous.