Scammers and hackers have historically employed the most elaborate and sneakiest tactics in order to get the personal information of as many unsuspecting users as they can. Now, a new phishing email scam has just been discovered and this time around the hackers are masquerading their emails as one that is supposedly coming from Google.

According to The Verge, the sophisticated new Google Docs phishing scam has spread like wildfire and has likely already affected thousands of users across the globe. The email itself pretends to be a legitimate Google Doc invite that may show the sender as being one of the names on the target's contact list. If the invite is accepted, the email then replicates itself and then blasts out new emails to everyone on the target's contact list.

As per a report from Tech Crunch, users who open the email are asked to allow "Google Docs" permission to access their account. The third party app, which actually doesn't have anything to do with Google Docs will then be able to fully access the user's emails and contacts list. Aside from being able to send new emails to everyone in the contacts list, hackers can cherry pick different types of information from the emails, which may include personal information such as bank account details, passwords, private emails, and other sensitive information.

The entire interface starting from the email itself up to the authentication page looks exactly like the one Google uses. However, checking out the developer info will reveal that the page is actually not created by Google themselves. Users who receive such emails inviting them to open a Google Docs document are advised to immediately delete the email.

Google has responded to the recent attack and mentioned that they have so far been able to block it. However, the hackers can easily create new ones to continue their onslaught. In the meantime, it might be best to stay away from Google Doc-related emails until the issue is resolved.

© Copyright 2024 Mobile & Apps, All rights reserved. Do not reproduce without permission.