Connect with us

Technology

If you’ve clicked a Google email recently then you may have been hacked

CYBER security experts warned on Thursday of a devious new scam attack that’s attempting to pinch people’s logins.

Crooks are taking advantage of the comment feature in Google Docs to send people emails with malicious links.

GettyHackers are sending malicious links to users through Google Docs[/caption]

When someone clicks on a link, they’re encouraged to enter the username and password for their Google account.

Attackers could then use these details to break into other online accounts, such as their social media profiles.

The researchers, from New York-based email security specialists Avanan, say that the attack has targetted at least 500 inboxes since December.

In a blog post, Avanan’s Jeremy Fuchs said that the team had observed “a new, massive wave of hackers leveraging the comment feature in Google Docs.”

The attack is “targeting primarily Outlook users”, he added.

To carry out the attack, hackers are adding a comment to a publicly available Google Doc.


The comment mentions the target with an @. By doing so, an email is automatically sent to that person’s inbox.

In that email, which comes from Google, the full comment, including the bad links and text, is included.

“The email address isn’t shown, just the attackers’ name, making this ripe for impersonators,” Fuchs wrote.

Because the email comes direct from Google, it’s able to pass undetected through security scanners used by Outlook and other email platforms.

Additionally, the email doesn’t contain the attacker’s email address, just the display name.

This makes it harder for anti-spam filters to judge, and even harder for the potential victim to recognise as an attack.

Avanan said that it notified Google of the flaw on January 3 using the report phish through email button within Gmail.

It’s unclear whether the search giant has remedied the issue. The Sun has reached out to Google for comment.

To protect yourself against similar attacks, make sure you scrutinise any links sent to you – even by big companies such as Google.

Before clicking on Google Docs comments, it’s a goog idea to cross-reference the email address in the comment to ensure it’s legitimate.

If you’re unsure, it’s advised that you reach out to the sender and confirm they meant to send the document.

In the UK, you can report a suspected scam email to the National Cyber Security Centre here.

In other news, scientists are embarking on a mission to unravel the mystery behind dozens of grisly child mummies buried in an underground tomb in Sicily.

Police have caught an Italian mafia henchman who’d be on the run for 20 years after spotting the fugitive on Google Maps.

One of the best-preserved fossils ever found has confirmed that young dinosaurs burst from their shells just like baby birds.

And, an eagle-eyed Reddit user has spotted a $2billion flying stealth bomber on Google Maps.

We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at tech@the-sun.co.uk