An unusually sophisticated identity phishing campaign appeared to target Google's roughly 1 billion Gmail users worldwide, aiming to take control of victims' entire email histories and to spread itself to all of their contacts.
According to Google, the worm, which arrived in users' inboxes posing as an email from a trusted contact, asked them to open an attached "Google Docs," or GDocs, file.
However, clicking the link took them not to a forged site but to a genuine Google account-permission page, where they were asked to grant a fake app calling itself "Google Docs" permission to manage their email account. Because the page was Google's own, the familiar address and browser padlock offered no warning that anything was wrong.
To make matters worse, once a user granted that permission the worm sent itself to all of that user's contacts, Gmail or otherwise, so a single victim could seed hundreds of new copies.
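The mechanism described above is consent phishing: the login and permission page is real, so what is left to audit afterwards is the grant itself, and the fix is to remove the impostor app from the account's authorized third-party apps (individual users can do this at https://myaccount.google.com/permissions). The following is an added example, not code from the original article or from Google, of how a Google Workspace administrator could triage the OAuth grants across a domain for this pattern. The record fields (clientId, displayText, scopes, nativeApp) follow the Admin SDK Directory API tokens.list resource and the revocation URL follows its tokens.delete endpoint; the sample grants, the allowlist of trusted client IDs and the list of product names are constructed for this example.

```python
"""Flag OAuth grants that look like the Google Docs consent-phishing worm.

Each record mimics a Token resource from the Admin SDK Directory API
(tokens.list). The sample data below is constructed for this example;
a real run would feed in the API's output for every user in the domain.
"""
from dataclasses import dataclass, field
from urllib.parse import quote

# Scopes that let an app read, send and delete mail or read contacts; an
# app holding these can harvest a mailbox and mail every contact in it.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/contacts",
    "https://www.googleapis.com/auth/contacts.readonly",
}

# Names a phisher picks to look like a first-party product. A third-party
# client using one of these that is not on the allowlist is an impostor.
GOOGLE_PRODUCT_NAMES = {"google docs", "google drive", "gmail", "google sheets"}

# ASSUMPTION: placeholder allowlist; populate from apps you have vetted.
TRUSTED_CLIENT_IDS = {"123456789012-trusted.apps.googleusercontent.com"}


@dataclass
class Finding:
    user: str
    client_id: str
    display_text: str
    reasons: list = field(default_factory=list)


def assess_token(user: str, token: dict):
    """Return a Finding if this grant looks like consent phishing, else None."""
    display = token.get("displayText", "")
    client_id = token.get("clientId", "")
    risky = sorted(set(token.get("scopes", [])) & HIGH_RISK_SCOPES)
    trusted = client_id in TRUSTED_CLIENT_IDS
    reasons = []
    if display.strip().lower() in GOOGLE_PRODUCT_NAMES and not trusted:
        reasons.append("app name impersonates a Google product")
    if risky and not trusted:
        reasons.append("unvetted app holds mail/contacts scopes: " + ", ".join(risky))
    if not reasons:
        return None
    return Finding(user, client_id, display, reasons)


def scan(tokens_by_user: dict) -> list:
    """Walk every user's grants and collect the suspicious ones, in input order."""
    findings = []
    for user, tokens in tokens_by_user.items():
        for token in tokens:
            finding = assess_token(user, token)
            if finding is not None:
                findings.append(finding)
    return findings


def revoke_url(finding: Finding) -> str:
    """URL an admin would DELETE (with an authorized session) to revoke the grant."""
    return ("https://admin.googleapis.com/admin/directory/v1/users/"
            f"{quote(finding.user, safe='')}/tokens/{quote(finding.client_id, safe='')}")


# Constructed sample: one impostor grant, one unvetted mail-backup app, one
# benign calendar app and one vetted backup app.
SAMPLE_TOKENS = {
    "alice@example.com": [
        {"clientId": "000000000000-impostor.apps.googleusercontent.com",
         "displayText": "Google Docs", "nativeApp": False, "anonymous": False,
         "scopes": ["https://mail.google.com/",
                    "https://www.googleapis.com/auth/contacts"]},
    ],
    "bob@example.com": [
        {"clientId": "111111111111-calendar.apps.googleusercontent.com",
         "displayText": "Calendar Helper", "nativeApp": False, "anonymous": False,
         "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
        {"clientId": "222222222222-backup.apps.googleusercontent.com",
         "displayText": "Mail Backup Tool", "nativeApp": False, "anonymous": False,
         "scopes": ["https://mail.google.com/"]},
    ],
    "carol@example.com": [
        {"clientId": "123456789012-trusted.apps.googleusercontent.com",
         "displayText": "Mail Backup Tool", "nativeApp": False, "anonymous": False,
         "scopes": ["https://mail.google.com/"]},
    ],
}

if __name__ == "__main__":
    for f in scan(SAMPLE_TOKENS):
        print(f"{f.user}: '{f.display_text}' ({f.client_id})")
        for reason in f.reasons:
            print("   -", reason)
        print("   revoke:", revoke_url(f))
```

The impersonation check fires regardless of scopes, since an app named after a Google product is never legitimate as a third-party client; the scope check is a lower-priority review queue for unknown apps that happen to hold mail or contacts access.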
“We are investigating a phishing email that appears as Google Docs. We encourage you to not click through & report as phishing within Gmail,” Google said via its Twitter account, @googledocs.
“The strategy is a common one, but the worm that was released Wednesday caused havoc for millions of users because of its unusually sophisticated construction: Not only did the malicious link look remarkably realistic and trustworthy, but the email that delivered it also appeared to come from someone users already know — and the payload manipulated Google’s real login system.”
Google added that it had disabled the malicious accounts and pushed updates to all users. It said the campaign was live for only about one hour and affected fewer than 0.1 percent of Gmail users, which, out of roughly 1 billion, would still be about 1 million people.
The phishing attempt could have been a calamity for unsuspecting victims: with control of a Gmail account, scammers can harvest any personal data the victim has ever sent or received by email. Worse, they can trigger password-reset requests on scores of other services, potentially letting them take over the victim's Amazon, Facebook or online bank accounts.