beefs up security in Android Gmail app following Docs phishing scam

BY

Published 4 May 2017

NSFW AI Why trust Greenbot

We maintain a strict editorial policy dedicated to factual accuracy, relevance, and impartiality. Our content is written and edited by top industry professionals with first-hand experience. The content undergoes thorough review by experienced editors to guarantee and adherence to the highest standards of reporting and publishing.

Disclosure

After millions of people were targeted in a Gmail phishing attack this week that used a fake Doc to trick users into hing over access to their email account, is taking steps to make sure the next attack isn’t so widespread.

In a post on the G Suite Updates blog titled, “Making email safer with anti-phishing security checks in Gmail on Android,” explains that it will be introducing a new security feature in its Android app this week that will help identify fraudulent sites that are looking to dupe you into revealing your personal information.

The way it works is similar to the warning you get when you navigate to a suspicious site in Chrome. en you click on a shady link in a message, will show a warning prompt that reads, “The site you are trying to visit has been identified as a forgery, intended to trick you into disclosing financial, personal or other sensitive information.” As with Chrome, it gives you the option to continue to the page report the warning as incorrect.

gmail phishing

Android users will now see a warning when they try to click on a fraudulent link.

ile it’s unclear how many people clicked on the Doc link from Android phones, this move certainly seems to be in response to dnesday’s attack. In a statement, said it has “taken action to protect users against an email spam campaign impersonating Docs” that the scam affected “fewer than 0.1 percent of Gmail users.” Based on the billion Gmail users around the globe, however, that’s still likely around a million users.

Anyone who clicked on the Doc link should change their password immediately revoke access to the fraudulent “ Docs” app in their  Account settings.

y this matters: ishing attacks are a fact of life on the web, but the Doc scam this week was particularly sophisticated. The steps is taking here are good ones, we hope to see the same security measures added to Gmail’s apps on iOS the web.