Gmail users warned of phishing email with malicious link - Action News
Home WebMail Thursday, November 14, 2024, 11:55 AM | Calgary | 6.4°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
Science

Gmail users warned of phishing email with malicious link

Alphabet Inc. warned its users to beware of emails from known contacts asking them to click on a link to Google Docs after a large number of people turned to social media to complain that their accounts had been hacked.

The hackers use known contacts to gain access

Google's parent company has issued a warning about a phishing scam that appears to be targeting Gmail users. (Virginia Mayo/AP)

Alphabet Inc. warned its users to beware of emails from known contacts asking them to click on a link to Google Docs after a large number of people turned to social media to complain that their accounts had been hacked.

"We are investigating a phishing email that appears as Google Docs," the company Tweeted from its Google Docs account on Wednesday. "We encourage you to not click through and report as phishing within Gmail."

Google said on Wednesday that it had taken steps to protectusers from the attacks by disabling offending accounts andremoving malicious pages.

"Our abuse team is working to prevent this kind of spoofingfrom happening again," the company said in an email to Reuters.

Users are asked to click on a link to view a document, which provides the hackers access to the contents of their Google accounts, including email, contacts and online documents, according to security experts who reviewed the scheme.

"This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party," said Justin Cappos, a cyber security professor at NYU Tandon School of Engineering.

Cappos said he received seven of those malicious emails in three hours on Wednesday, an indication that the hackers were using an automated system to perpetrate the attacks.

He said he did not know the objective, but noted that compromised accounts could be used to reset passwords for online banking accounts or provide access to sensitive financial and personal data.

Google did not respond for requests to comment beyond its Tweet and other security experts said that victims should remove the hackers from their accounts as soon as possible.

"The point of the attack isn't clear yet, but it could be a pre-cursor to some larger attack they're planning," said Matthew Gardiner, a security expert with email security firm Mimecast.