When we talk about fishing, we usually think of catching fish, but these days the phish are catching email accounts. Last week, news broke about a sizable phishing scam perpetrated on Google and Facebook by a Lithuanian scammer pretending to sell hardware out of Taiwan. The financial impact was huge, with over $100M taken surreptitiously. This week another major phishing scam has hit Google, but this time run-of-the-mill users were the main victims.
Gmail and Google Docs have become a mainstay for much of the world, and the stats are staggering. Over one billion people, 60% of mid-sized companies and nearly all start-up companies use Gmail, and there are over 10 million subscribers to the Google Docs platform. Gmail's spam filtering is excellent too: across all users, only about 1/10th of 1% of spam gets through the filters into users' inboxes, and an even smaller share of legitimate emails ends up in users' spam folders (0.05%). These stats have made Gmail one of the most trusted email services in the world. Google Docs is no different, with a massive following among both personal and corporate users.
This week's phishing scam was particularly cunning: it sent Google Docs links from the accounts of already-affected users to their contact lists, so the messages appeared to come from people the recipients knew. Once a user opened the Google Docs link, the malware quickly pulled in all of the Gmail data that would otherwise be private, which means every sensitive email in those accounts is now likely subject to search by the perpetrators. It has affected not only individual users but corporate users as well.
Today Google announced that perhaps 0.1% of user accounts had been compromised, which sounds small; given the massive user base, however, that means over 1 million accounts have likely been affected. At this time Google does not believe other information was compromised. Google announced, "We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed."
If you think you or your company have been affected, Google's guidance is to report the phishing email to Google directly. Google has announced that it has taken appropriate security measures, and everyone affected should report what they know to Google. Users can also remove the fake "Google Docs" app from the Permissions page of their account. Check the authorization time listed for it: if it is recent, the app is the malicious one and should be removed.
This event only highlights the need for more careful corporate and personal training in order to keep this from happening again. Education about links of this type will be critical for managing future copycat scams. In this case, the tell-tale sign of the scam was that the email was addressed to [email protected], with the real recipients hidden in BCC. Without a quick scan of the email's header fields, users would never have known this was a scam email. With a little training, such attacks could be noticed and ignored by users in the future.
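As an added illustration (not code from the original article), the Python below implements the two checks the article suggests: it parses a constructed sample message and flags it when the reader's own address is missing from To/Cc, and it scans a constructed list of connected third-party apps for a recent authorization time. The sample addresses, app names, timestamps, and the heuristic that a third-party app borrowing a Google product name is suspicious are all assumptions made for the example.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string

# Constructed sample message in the shape the article describes: the visible
# To field holds a stranger's placeholder address and the real targets were BCC'd.
SAMPLE_MAIL = """From: Colleague <colleague@example.com>
To: hhhhhhhh@mailbox.invalid
Subject: Colleague has shared a document on Google Docs with you
Date: Wed, 03 May 2017 14:02:11 +0000

Colleague has invited you to view the following document.
Open in Docs
"""

def recipient_is_hidden(raw_message: str, my_address: str) -> bool:
    """The article's tell-tale sign: my own address appears in neither To nor Cc,
    so the message reached me via BCC behind an address I do not recognise."""
    msg = message_from_string(raw_message)
    visible = ",".join(msg.get_all("To", []) + msg.get_all("Cc", [])).lower()
    return my_address.lower() not in visible

# Constructed snapshot of the account's connected apps, as one would read them
# off the Permissions page. 'authorized' is the time the article says to inspect.
NOW = datetime(2017, 5, 3, 20, 0, tzinfo=timezone.utc)  # constructed reference time
CONNECTED_APPS = [
    {"name": "Google Docs", "authorized": NOW - timedelta(minutes=30),
     "scopes": ["mail.full", "contacts.read"]},
    {"name": "Team Calendar Sync", "authorized": NOW - timedelta(days=300),
     "scopes": ["calendar.read"]},
]

def suspicious_apps(apps, now=NOW, window=timedelta(hours=24)):
    """Return (name, recent, impersonates) for each app that was authorized within
    `window` of `now` (the article's 'recent' test) or that borrows a Google
    product name. Assumption: Google's own products do not show up as
    third-party apps on the Permissions page, so such a name is a red flag."""
    borrowed_names = {"google docs", "google drive", "gmail"}
    flagged = []
    for app in apps:
        recent = now - app["authorized"] <= window
        impersonates = app["name"].strip().lower() in borrowed_names
        if recent or impersonates:
            flagged.append((app["name"], recent, impersonates))
    return flagged
```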