According to CNBC, about one million Google Gmail users — 0.1 percent of all Gmail accounts — were affected by a phishing email scam “seeking to gain control of their entire email histories and spread itself to all of their contacts.”
Enough members of the DePaul community were targeted by the May 3 attack that the university sent out an email alert warning Gmail users to not open the Google Doc.
“We have noted a very large number of malicious email messages incoming to DePaul within the last hour,” the email said. “These messages have a subject with the general format: (person’s name) has shared a document on Google Docs with you.” Many other universities are reporting the same attack.
The scam emails would be sent from a trusted contact’s account, presenting itself as a normal Google Doc and tricking users into allowing clocking “allow” access to contacts — a security step that exists only in Gmail, not on Google Docs.
Google assured users that the company has taken appropriate measures to minimize the harm inflicted by the phishing email scam.
“We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts,” Google said in a statement. “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”
Critics noted that the company’s statement does not mention how the company plans to prevent similar attacks from happening in the future.
DePaul senior JohnFranco Joyce was one of the victims of the phishing email scam.
“Hacks like this are an everyday occurrence,” Joyce said. “I hope DePaul can safely secure its network. I am not entirely sure what created this mess, it is important to be aware of your internet self. That is, scroll the internet as if you are walking the streets of Chicago — be fully aware of (where you are going), the websites you are accessing and the information you are giving out.”