Google phishing attack: Gmail users hit by massive email scam sweeping web
It allows hackers to take over your email account
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.A huge scam is sweeping the web and anyone with a Gmail account may be vulnerable.
Huge numbers of people may have been compromised by the phishing scam that allows hackers to take over people's email accounts.
It's not clear who is running the quickly spreading scam or why. But it gives people access to people's most personal details and information, and so the damage may be massive.
The scam works by sending users an innocent looking Google Doc link, which appears to have come from someone you might know. But if it's clicked then it will give over access to your Gmail account — and turn it into a tool for spreading the hack further.
As such, experts have advised people to only click on Google Doc links they are absolutely sure about. If you have already clicked on such a link, or may have done, inform your workplace IT staff as the account may have been compromised.
The hack doesn't only appear to be affecting Gmail accounts but a range of corporate and business ones that use Google's email service too.
If you think you may have clicked on it, you should head to Google's My Account page. Head to the permissions option and remove the "Google Doc" app, which appears the same as any other.
You'll be able to tell if it is the malicious app if it has a recent authorisation time.
That app has full access to a person's Google account as well as being able to send emails that appear to be from them, making the attack especially dangerous.
The email itself comes addressed to hhhhhhhhhhhhhhhh@mailinator.com — which is the only way to know that the email is malicious. They otherwise look completely legitimate, including the account in the "from" field.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments