How Google protects your account from phishing (and how this week's attack worked)

Victims of this attack received an email that appeared to be an invite to a Google Doc from one of their contacts. When users clicked the link in the attacker’s email, it directed them to the attacker’s application, which requested access to the user’s account under the false pretense of gaining access to the Google Doc. If the user authorized access to the application (through a mechanism called OAuth), it used the user's contact list to send the same message to more people.

Upon detecting this issue, we immediately responded with a combination of automatic and manual actions that ended this campaign within an hour. We removed fake pages and applications, and pushed user-protection updates through Safe Browsing, Gmail, Google Cloud Platform, and other counter-abuse systems. Fewer than 0.1% of our users were affected by this attack, and we have taken steps to re-secure affected accounts.

Google is working on improving this process.

What you can do to protect yourself

* Take the Google Security Checkup, paying particular attention to any applications or devices you no longer use, as well as any unrecognized devices
https://myaccount.google.com/secureaccount

* Pay attention to warnings and alerts that appear in Gmail and other products
https://support.google.com/mail/answer/1074268

* Report suspicious emails and other content to Google
https://support.google.com/mail/answer/8253
https://safebrowsing.google.com/safebrowsing/report_phish/

Learn more on the official Google blog:
https://blog.google/products/g-suite/protecting-you-against-phishing/
Shared publiclyView activity