As identity phishing campaigns become more sophisticated or tricky, developers have to come up with immediate solutions to protect its user base. Just a few hours after a massive phishing attack targeting Gmail users was widely reported, Google has now released a new security feature in its Gmail app to help keep your email safer. They have also assured the public that they have already disabled the phishing accounts and already removed the fake pages. Hopefully, this is not yet too late for majority of Gmail users that were targeted.
The phishing attack was a really sneaky one, with the worm arriving in your inbox supposedly from a “trusted contact”. It will then ask you to click on an attached Google Docs file, leading to your security profile where you will be asked to grant permission so it can manage your account. They will then be able to access your details and worse, it will send out to all your contacts, victimizing those who will click and grant permission as well.
The new security feature that Google is bringing to the Gmail Android app will supposedly protect you from this phishing attack and other similar problems in the future. If you click on a “suspicious” link in a message, you will receive a warning prompt from Gmail, stating that web forgery is suspected. It will then give you instructions as to what you should do and also an option to continue to the file if you’re sure it’s not a virus or hack.
But if you were already victimized by this attack, you have to go to your Google connected sites console and revoke access to Google Docs. Then of course change your Google password and also revoke permission for apps that you do not recognize. Happy un-phishing!