Last night a worldwide phishing attack hit Google Docs and Gmail users. The emails all seemed to be related to the domain “mailinator.com”, specifically involving the email address “hhhhhhhhhhhhhhhh@mailinator.com”.
The scam tried to get you to open a “shared” document which installs an App onto your Google Account which automatically spams through to your entire contact list.
These cyber criminals did not require a password, they gained access through a logged-on user. When clicking on the Google Doc a malicious application would gain access to their Google account data including: contacts, online documents and emails.
Reportedly, some users who received the scam were sent several emails in succession, suggesting the hacker used an automated system to carry out the attacks.
A large number of users were complaining on social media that their accounts had been hacked. Since then Google has warned its users to be very cautious of contacts asking them to click on a link to Google Docs.
Google has said they have disabled the malicious accounts to ensure their users are protected and are “working to prevent this kind of spoofing from happening again.”
As these attacks are becoming increasingly sophisticated and damaging, you must ensure that your employees are educated on how to spot a potential scam. Our phishing simulation service allows you to put your employees to the test.
How does it work?
First of all we send out a faux phishing email posing as a ‘credible’ brand. Then if the employee is persuaded to click on the link they are redirected to training videos and interactive quizzes. We then send you a detailed report with a breakdown of which employees were susceptible. If you would like to know if your employees are putting your business at risk, find out more about this service here.
