An easy way to understand how phishing attacks work is to look at a case that has already happened: a phishing attack utilizing Google Docs hit numerous Gmail accounts about a year ago. The phishing email was sent from compromised Google accounts to other Google accounts for approximately three hours, after which Google intervened directly and stopped all such emails. The email contained an invitation to a Google Doc; if clicked, the link took users to a fake app that asked for permission to access the user’s Gmail account. The phishing email was convincing enough to fool some Google users into granting that permission.
The primary damage could be significant or benign depending on whether your Gmail account was logged into by the attackers. The main attack automatically resent the same phishing email to all your Gmail contacts (the secondary damage being the social embarrassment of having been phished). However, there was a small possibility that the attackers logged into your compromised Gmail account to study your emails, reset other online account passwords, or change the account recovery options on your Gmail account! There was no known malware in this attack that infected recipient computers.
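As an added illustration (not code from the original post), the following Python helper applies the consent-phishing pattern described above to a list of third-party app grants: an app whose display name imitates a Google product but was not published by Google, holding broad Gmail or contacts access, is flagged for revocation. The grant record fields, the sample app names and the publisher domains are assumptions; the scope URIs are real Google scopes.

```python
"""Triage helper for third-party OAuth grants on a Google account (added example)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Real Google scope URIs that let an app read or send mail, or list contacts.
SENSITIVE_SCOPES = {
    "https://mail.google.com/": "full mailbox access",
    "https://www.googleapis.com/auth/gmail.send": "send mail as you",
    "https://www.googleapis.com/auth/gmail.readonly": "read all mail",
    "https://www.googleapis.com/auth/contacts.readonly": "read contacts",
}

# Product names an impostor app is likely to borrow (lower-cased for matching).
GOOGLE_PRODUCT_NAMES = {"google docs", "google drive", "gmail", "google"}


@dataclass
class OAuthGrant:
    app_name: str
    publisher_domain: Optional[str]  # verified developer domain, None if unverified (assumed field)
    scopes: List[str]


def assess_grant(grant: OAuthGrant) -> Tuple[str, List[str]]:
    """Return (verdict, findings); verdict is 'revoke', 'review' or 'ok'."""
    findings = []
    name = " ".join(grant.app_name.lower().split())  # normalise case and whitespace
    impersonates = name in GOOGLE_PRODUCT_NAMES and grant.publisher_domain != "google.com"
    sensitive = [SENSITIVE_SCOPES[s] for s in grant.scopes if s in SENSITIVE_SCOPES]
    if impersonates:
        findings.append(f"name '{grant.app_name}' imitates a Google product; publisher is "
                        f"{grant.publisher_domain or 'unverified'}")
    if sensitive:
        findings.append("broad access: " + ", ".join(sensitive))
    if impersonates and sensitive:
        return "revoke", findings      # the fake "Google Docs" app pattern
    if sensitive:
        return "review", findings      # legitimate-looking, but mailbox access deserves a look
    return "ok", findings


# Constructed sample grants; the first mirrors the fake "Google Docs" app.
SAMPLE_GRANTS = [
    OAuthGrant("Google Docs", None,
               ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts.readonly"]),
    OAuthGrant("Mail Backup Tool", "example-backup.test",
               ["https://www.googleapis.com/auth/gmail.readonly"]),
    OAuthGrant("Calendar Sync", "example-calendar.test",
               ["https://www.googleapis.com/auth/calendar.readonly"]),
]
```

Running `assess_grant` over each entry of `SAMPLE_GRANTS` yields `revoke`, `review` and `ok` respectively.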
Google acted very quickly on reports of this phishing attack, stopping all related emails within 3 hours of the outset of the attack. If you think you may have been compromised, here are six steps to take as soon as possible (Google recommendations):
CyberHoot knows that in the absence of a password manager, people reuse passwords across their online accounts! If your Gmail account was compromised by this attack, hackers might be trying to log into other accounts you have, even after you removed the hackers’ access to your Gmail account. One of our favorite password managers, LastPass, once populated with your online accounts, will tell you which accounts reuse your Gmail credentials. Change those to unique passwords to eliminate this cybersecurity risk now and in the future. If you would like more information on this topic, check out our article on Passwords, Passphrases, and Password Managers.
This was a simple but highly convincing phishing campaign designed to steal Gmail account credentials. Before clicking or opening anything, always be sure you can answer these questions affirmatively:
1) Was I expecting this email?
2) Was this email…
3) Is the grammar, spelling, email construction correct?
4) Does my gut tell me there is absolutely nothing wrong with the email?
If you answer NO to any of those, pick up the phone and call the sender to confirm they sent the message to you on purpose; otherwise, delete the message.
Stay safe online!
Editor’s Note: There is an article we wrote, Domino Breaches: Get Ahead of this Breach ASAP to stop the Falling Dominos. This article on phishing details another variant of attack similar to the Domino attack article published just over a month ago. Similar attacks have been made against Microsoft’s O365 users. No one is truly safe online today without adopting the technical protections outlined in this article. Be safe online and remember, “Knowledge is Power!”
Author, Craig, Co-Founder – CyberHoot
Editor, Ty Mezquita, Blogger/Social Media – Cyberhoot