Following the widespread phishing scam that affected Google Docs and Gmail users this week, Google says it’s now rolling out a new security feature in its Gmail application on Android that will help warn users about suspicious links. This feature may not have prevented this week’s attack, however, as that attack involved a malicious and fake “Google Docs” app that was hosted on Google’s own domain.
However, the additional security protection is a step in the right direction, given how many users access Gmail on mobile, and the increasing sophistication of these phishing attacks that can even fool fairly tech-savvy individuals.
In this week’s attack, for example, you would have received an email from a known contact who said they were sharing a document with you. When you clicked to open the document, you’d be taken to an innocent-looking web page hosted by Google. The page wouldn’t even prompt you for your password, but instead listed all your Google accounts ready to be clicked.
You would be asked to give an app named “Google Docs” account permissions – but it wasn’t the real Google Docs. And once it had access, the worm began spreading to everyone in your contacts list.