Some Google Docs users were hit with a very convincing, very real-looking phishing email today that some, unfortunately, fell for. The email claimed that someone had shared a document with the Google user, who would then click on the link and be taken to a real Google page to select their Gmail account. Choosing the account, though, led to a fishy page that requested access to the user’s account, and it only got worse from there.
An alert about the phishing email came from a Redditor who posted a full write-up on the social website about the email and how it works. While many phishing emails are easy to spot, this one is quite the opposite, and it’s easy to see how someone less familiar with the Internet would fall for the scam. Those who do fall for the phishing email ultimately end up giving the scammers access to their address book and email. The access can be revoked here.
Following the Redditor’s publication of the phishing attempt, a Google employee stated that he or she had escalated the issue to the appropriate teams within Google to get the problem fixed. Less than 30 minutes after the scam became public, Google had implemented a solution, which included disabling the scammer’s accounts.
“We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening. We encourage users to report phishing emails in Gmail,” the company went on to say in a statement. That’s great, of course, and Google should be commended for squashing the problem so quickly…but don’t get complacent.
The phishing attempt was obviously a human-created thing, and so ultimately there’s nothing for Google to truly ‘fix’. While this scammer was taken down, there are thousands more ready to take their place, and they’ll likely get more clever as time goes on. Phishing emails are an unfortunate reality, and one that can’t be easily eliminated. Emails can come from seemingly any company, including banks and medical facilities, and oftentimes a user doesn’t realize they were tricked until it is too late. When in doubt, delete the email.