Gmail users have been attacked by a phishing scam involving Google Docs as an instrument. This hacker attack has affected 1 million users that composes less than 0.1 percent of Gmail customers. Despite the attack has influenced a few number of users, Google has prevented it within an hour by means of automatic and manual operations. According to the officials, the fake pages and applications have been successfully removed, which has also forced to update the Gmail anti-abuse systems.
The Google team assures its users do not need to take any self-protection measures. But if you still have privacy and personal security concerns about potential hacker attack, the following list of security methods will be extremely useful.
- Anti-Phishing Security Checks
A new tool has been designed by Google in order to warn users when clicking on a suspicious link. In such a manner, it alerts customers that this site is identified as a fake and recommended to be avoided.
Compatible OSes: Android.
- Docs Attack Prevention
If you receive an email from an unidentified source, where it is required to follow a link to a Google Doc, ignore this request. Using the link, you will be redirected to a fake webpage Google OAuth 2.0. Thus, you will provide attackers with access to your confidential data, such as an address book, which can be used for further criminal actions distribution.
- Proper Use of OAuth
OAuth protocol is commonly adopted by the majority of web-based applications and platforms including Google apps, Office 365, LinkedIn etc. It is used for secure connections of web apps and services with no need to share user account credentials.
Nevertheless, the protocol is extremely sensitive to phishing because every OAuth-based site requires its customers to provide some identification data, such as usernames and passwords. Today’s OAuth-based attacks bypass all standard security level posing great risk to all network community. Beyond all doubt, OAuth needs to be modified with the strongest up-to-date mechanisms as soon as possible, or social media services will be the first massive victims.
Institutionally, a strict security strategy needs to be developed. All employees should follow the implemented rules while avoiding suspicious apps and e-mails.
As for individual users, they should secure the Google accounts and deny public access requests coming from irrelevant applications.
- A third-party security apps
Despite all the mentioned methods, you are highly advised to install additional protective apps and keep them updated. First of all, look for the strongest antivirus protection, which shelters your device from potential malware infections. One of the most in-demand tools is a credible VPN. Be sure, this technology will increase your personal privacy and online security. Subscribing for the best VPN service, you’ll become untraceable for prying eyes and malicious hackers.
By following these simple rules you will be protected against phishing attacks and able to surf the web freely and securely without worrying about secret data leakages.