A widespread phishing attack has hit Google users today. The attack exploited a shortcoming in Google apps that allowed legitimate Google apps to be spoofed by creating an application with a name similar to Google’s services.
How to know if you’ve been affected by this scam
If an invitation to edit a Google Docs file led you to a screen asking you to allow ‘Google Docs’ some feature, like the one shown in the image below,
and you clicked the Allow button, then you have fallen victim to this phishing scheme. You can check the allowed apps list in your Google account for further confirmation. If it contains any suspicious applications with names ending in ‘apps.googleusercontent.com’, then you are affected by this scam.
What to do if you’ve fallen victim to this scam
Google has already deleted the offending apps and accounts and has taken steps to secure user . To be safer still, you can take the following steps:
- Review the allowed apps list in your Google account and remove the permission granted to the offending app, which should now have a name ending with ‘apps.googleusercontent.com’. As a further safety measure, remove the permissions of any untrusted or suspicious apps.
- Check your sent mail folder in Gmail to see if your account has sent any emails you cannot explain.
- If such an email has been sent, notify the recipient immediately.
- Check other accounts and services connected to the affected account for password changes.
For GSuite admins
- Block firstname.lastname@example.org from inbound and outbound mailing lists
- Revoke access to the ‘Google Docs’ app, which should now have a name ending with ‘apps.googleusercontent.com’, from the accounts section in the Google Admin console.
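
For admins auditing many accounts, the name check above can be run over the per-user OAuth grants returned by the Admin SDK Directory API's tokens.list call. This is an added example, not part of the original advisory: the sample responses are constructed, and the set of Gmail scopes used to decide whether the sent-mail check applies is this example's assumption.

```python
# Per the advisory, the removed app now shows a name with this ending.
SUFFIX = "apps.googleusercontent.com"

# Assumption of this example: Gmail scopes that let an app send mail as the user.
MAIL_SEND_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/gmail.compose",
    "https://www.googleapis.com/auth/gmail.modify",
}

# Constructed sample: one tokens.list response body per user (not real data).
SAMPLE_RESPONSES = [
    {"items": [
        {"userKey": "100000000000000000001",
         "clientId": "000000000000-placeholder1.apps.googleusercontent.com",
         "displayText": "000000000000-placeholder1.apps.googleusercontent.com",
         "scopes": ["https://mail.google.com/",
                    "https://www.googleapis.com/auth/contacts"]},
        {"userKey": "100000000000000000001",
         "clientId": "000000000000-placeholder2.apps.googleusercontent.com",
         "displayText": "Example Calendar Sync",
         "scopes": ["https://www.googleapis.com/auth/calendar"]},
    ]},
    {"items": [
        {"userKey": "100000000000000000002",
         "clientId": "000000000000-placeholder1.apps.googleusercontent.com",
         "displayText": " 000000000000-placeholder1.APPS.googleusercontent.com ",
         "scopes": ["https://www.googleapis.com/auth/contacts"]},
    ]},
    {},  # user with no third-party grants: the response has no "items" key
]

def suspicious_grants(responses):
    """Return grants whose display name ends with SUFFIX, with follow-up flags."""
    findings = []
    for resp in responses:
        for tok in resp.get("items", []):
            name = tok.get("displayText", "").strip().lower()
            if not name.endswith(SUFFIX):
                continue
            scopes = set(tok.get("scopes", []))
            findings.append({
                "user": tok.get("userKey"),
                "clientId": tok.get("clientId"),   # value to revoke for this user
                "check_sent_mail": bool(scopes & MAIL_SEND_SCOPES),
            })
    return findings
```

Each finding names the user and client ID to revoke; `check_sent_mail` marks accounts where the sent mail folder review from the list above should come first.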