Phishing emails have been doing rounds of the interwebs quite recently and a particularly dangerous one has put Google on alert. Possibly as a result of the outbreak of this phishing scam today or as a general precautionary measure, Google has today announced that it is now including enhanced anti-phishing security checks in the Gmail app for the Android operating system.
When users click on a link that could be potentially harmful, the following warning will appear within the Gmail app,
The site you are trying to visit has been identified as a forgery, intended to trick you into disclosing financial, personal or other sensitive information. If you believe that this site is not actually a phishing site, you can report an incorrect warning.
Judging by the design of the page, the feature seems to use Google’s Safe Browsing database which systematically enlists sites that host malware or attempt to trick users into giving away personal information. This change is going to be a part of Gmail for Android version #7.4.23 and will be released on Google Play Store today.
This update is a welcome relief to people around the world who have succumbed to a phishing scam that has fooled them by looking disturbingly similar to Google Docs. The email looks identical to a normal Google Docs invitation email and asks the receiver to click on the ‘Open in Docs’ link. The user is then asked to give “Google Docs” access to any of the existing Google accounts. Following this, the scam then uses the user’s contact information to forward the email to all contacts i.e every person who has ever been emailed from the Google account.
Several people around the world took to posting on social media to spread the word and prevent other people from falling prey to this scam. Shortly after this, the official Gmail Twitter account said,
We are investigating a phishing email that appears as Google Docs. We encourage you to not click through, & report as phishing within Gmail.
Soon after this statement, the official Google Docs account released a three part message that has been summarized as follows:
Official Google Statement on Phishing Email: We have taken action to protect users against an email impersonating Google Docs & have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.
With the upcoming update for Gmail in the Play Store, several phishing threats can hopefully be shut down before they spread to such an extent. If you see the phishing email or something that looks like it, make sure you report it to Google so it can be blocked and taken down.