As you may have heard, email users have been receiving unsolicited emails with a fake Google Docs link inside. If you receive it, simply delete it.
Google has provided an update on this attack this morning:
"We realize people are concerned about their Google accounts, and we're now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1% of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There's no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup."
If you HAVE clicked the link, or just want peace of mind perform the following procedure:
- Go to Google’s account management page, Sign-In and Security, and then Connected Apps. Once you’re there, hit the button that says “Manage Apps” to see the full list of apps and permissions.
- You’re looking for one titled “Google Docs,” but this is a good opportunity to go through the list and delete anything you don’t recognize, or anything with permissions that are far too broad. Google is already taking steps to fix this attack, so if you don’t see the Google Docs app in the list, it means you’re probably safe.
And don’t forget...
- change your passwords - it's always good practice to change any password frequently and maintain sufficient complexity.
- Enable 2FA (2 Factor Authentication) This increases your security measurably.
Your domain based data is safe from this situation. The goal of the scheme is to acquire control of your Google Account and anything that can gain access VIA your google account sign-in FB, TWITTER, AMAZON, etc.