After millions of people were targeted in a Gmail phishing attack this week that used a fake Google Doc to trick users into handing over access to their email account, Google is taking steps to make sure the next attack isn’t so widespread.
In a post on the G Suite Updates blog titled, “Making email safer with anti-phishing security checks in Gmail on Android,” Google explains that it will be introducing a new security feature in its Android app this week that will help identify fraudulent sites that are looking to dupe you into revealing your personal information.
The way it works is similar to the warning you get when you navigate to a suspicious site in Chrome.
When you click on a shady link in a message, Google will show a warning prompt that reads, “The site you are trying to visit has been identified as a forgery, intended to trick you into disclosing financial, personal or other sensitive information.” As with Chrome, it gives you the option to continue to the page and report the warning as incorrect.
While it’s unclear how many people clicked on the Google Doc link from Android phones, this move certainly seems to be in response to Wednesday’s attack. In a statement, Google said it has “taken action to protect users against an email spam campaign impersonating Google Docs” and that the scam affected “fewer than 0.1 percent of Gmail users.”
Based on the billion Gmail users around the globe, however, that’s still likely around a million users.
Anyone who clicked on the Google Doc link should change their password immediately and revoke access to the fraudulent “Google Docs” app in their Google Account settings.
Why this matters: Phishing attacks are a fact of life on the web, but the Google Doc scam this week was particularly sophisticated.
The steps Google is taking here are good ones, and we hope to see the same security measures added to Gmail's apps on iOS and the web.