If you recently clicked a Google email, you may have been hacked.
On Thursday, cyber security experts warned of a new scam attempting to steal people’s login credentials.
Crooks are using the Google Docs comment feature to send malicious links in emails to people.
When someone clicks on a link, they’re prompted to enter their Google account username and password.
Attackers could then use these credentials to gain access to other online accounts, such as social media profiles.
According to the researchers from Avanan, a New York-based email security firm, the attack has targeted at least 500 inboxes since December.
Avanan’s Jeremy Fuchs wrote on his blog that the company had seen “a new, massive wave of hackers leveraging the comment feature in Google Docs.”
He went on to say that the attack is “primarily aimed at Outlook users.”
Hackers are carrying out the attack by leaving a comment on a publicly accessible Google Doc.
The target is mentioned in the comment with an @ symbol.
An email is automatically sent to that person’s inbox as a result of this action.
The entire comment, including the bad links and text, is included in that Google email.
“The attackers’ name is displayed instead of their email address, making this ripe for impersonation,” Fuchs wrote.
Because the email is sent directly from Google, it can pass through security scanners in Outlook and other email clients undetected.
Furthermore, only the display name of the attacker is included in the email, not his or her email address.
This makes it more difficult for anti-spam filters to determine what is spam, and even more difficult for the potential victim to recognize an attack.
According to Avanan, the flaw was reported to Google on January 3 via the Gmail report phish through email button.
It’s unclear whether Google has fixed the problem.
Google has been contacted for comment by the Sun.
To protect yourself from similar attacks, double-check any links sent to you, even if they are from big companies like Google.
It’s a good idea to double-check the email address in the Google Docs comment before clicking on it to make sure it’s legitimate.
If you’re unsure, contact the sender to confirm they intended to send the document.
You can report a suspected scam email to the National Cyber Security Centre here in the United Kingdom.
In other news, scientists are embarking on a mission to solve the mystery surrounding dozens of gruesome child mummies discovered in a Sicilian underground tomb.
After spotting the fugitive on Google Maps, police apprehended an Italian mafia henchman who had been on the run for 20 years.
One of the most well-preserved fossils ever discovered…
Latest News from Infosurhoy.