CYBER security experts warned on Thursday of a new phishing attack trying to collect people’s login information.
Fraudsters are taking advantage of the comments feature in Google Docs to send people emails with malicious links.
When someone clicks a link, they are encouraged to enter the username and password for their Google account.
Attackers can then use these details to break into other online accounts, such as their social media profiles.
The researchers, from New York-based email security expert Avanan, say that the attack has targeted at least 500 inboxes since December.
In one blog post, Avanan’s Jeremy Fuchs says the team has observed “a huge, new wave of hackers taking advantage of the comment feature in Google Docs.”
The attack was “targeted primarily at Outlook users,” he added.
To carry out the attack, hackers are adding comments to public Google Docs.
Comments refer to the target with the @ symbol. In doing so, an email is automatically sent to that person’s inbox.
In that email, coming from Google, the full comment, including links and bad text, is included.
“Email addresses are not displayed, only the attackers’ names,” writes Fuchs, making this ripe for impostors.
Because email comes directly from Google, it can go through security scanners used by Outlook and other email platforms undetected.
In addition, the email does not contain the attacker’s email address, only the display name.
This makes anti-spam filters harder to evaluate and even harder to recognize as a potential victim of an attack.
Avanan says that it notified Google of the vulnerability on January 3 using the report email phishing button in Gmail.
It’s unclear if the search giant has fixed the problem. The Sun has reached out to Google for comment.
To protect yourself against similar attacks, make sure you scrutinize any links sent to you – even by big companies like Google.
Before clicking a comment on a Google Doc, you should cross-reference the email address in the comment to make sure it’s legit.
If you are unsure, you should contact the sender and confirm that they want to send the document.
In the UK, you can report a suspected phishing email to the National Cyber Security Center here.
In other news, scientists are embarking on a mission to unravel the mystery behind dozens of creepy baby mummy was buried in an underground tomb in Sicily.
The police caught an Italian mafia henchman who was on the run for 20 years after discovering the fugitive on Google Maps.
One of the The best preserved fossils ever found confirmed that young dinosaurs popped out of their shells like baby birds.
And, one eagle-eyed Reddit user made $2 billion fly stealth bomber on Google Maps.
We pay for your stories! Do you have a story for The Sun Online Science & Technology team? Email us at the address email@example.com
https://www.thesun.co.uk/tech/17247449/clicked-google-email-hacked/ If you clicked on a Google email recently, you may have been hacked