From CNET: Google shut down a massive phishing scam that targeted users of its Google Docs service. You know, basically everyone.
The sophisticated phishing scam spread across the web on Wednesday afternoon, tricking people into giving up access to their Google accounts. Some people, like Reddit user JakeSteam, said the scam is so sophisticated it's virtually undetectable.
After offering some obvious advice -- don't click on the link -- Google tweeted it had wrestled the situation under control.
Phishing, of course, is nothing new and Google users get targeted often. In 2014, a similar scam targeted Docs and Drive users. The current ruse appears to have targeted journalists and educators, according to reports.
This scheme is different because it focuses on stealing access to your account rather than stealing your username and password. The attacker created a rogue app made to look like Google Docs, which unsuspecting victims would grant permission to.
Granting permission to a Gmail account is the "equivalent to having access to a username and password," Liam O'Murchu, director of Symantec's Security Technology and Response group said in an email. That means that victims could have been phished without even typing in their password.
View: Article @ Source Site
