A malicious phishing virus that impersonated Google Docs was discovered and quickly shut down last week – but not before affecting potentially one million Gmail users. Individuals affected by the attack reported receiving emails with invitations to view documents in what purported to be Google Docs. If someone clicked on the link to view the documents, the account takeover worm would email itself to every contact in the user’s contact list. As the virus spread, Gmail users feared that the phishing email might be looking for or requesting access to personal information.
About an hour after it was first reported to Google, the worm was disabled. Google believes that the only information accessed was contact information. Google reported that the worm affected fewer than 0.1% of Gmail users. Additionally, Google stated that Gmail users who received these emails and/or who clicked on the link do not need to take any additional action to protect themselves.
Google issued a short statement via Twitter on Wednesday afternoon, and also issued the following statement:
We realize people are concerned about their Google accounts, and we’re now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1% of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.
The evolution and danger of phishing emails
Phishing emails have evolved over the years to appear realistic and legitimate. In this case, clicking on the link apparently did not result in harm to the recipient. In other cases, recipients who are tricked by phishing emails are not quite as lucky; phishing emails routinely result in identity theft, hacked systems, data breaches, and other security issues.
This incident is a good reminder to all to avoid opening attachments and clicking on links in emails that are from unknown sources, that are unexpected, or that otherwise seem suspicious. Businesses should see this incident as an opportunity to re-train employees on all internal privacy and security policies, including how to best respond to a phishing email.