Google Docs, Gmail Phishing Attack: What You Need to Know

Google recently confirmed a phishing attack was used to target roughly 1 billion Gmail users worldwide. With the phishing attack, cybercriminals attempted to gain control of Gmail users' email histories and spread a vulnerability to all of their contacts, according to Google.

As part of the Google phishing attack, Gmail users received a vulnerability disguised as an email from a trusted contact.

The email included a Google Docs file, and Gmail users who clicked the link to open the file were taken to a real Google security page. Then, Gmail users were asked to provide the sender with access to their Google contact lists and Google Drive.

The vulnerability was exposed for only about one hour and affected "fewer than 0.1 percent of Gmail users," a Google spokesperson told NBC News. However, the culprits behind the phishing attack remain unknown.

Google is currently investigating the phishing attack. The company is encouraging Gmail users not to click through the phishing email and report it as phishing within Gmail.

In addition, Google has disabled the offending accounts and is urging Gmail users who may have been affected to complete a Security Checkup to remove unwanted apps.

Phishing represents the top delivery vehicle for ransomware and other malware, endpoint protection company Barkly noted in a prepared statement. As such, phishing attacks are unlikely to go away any time soon.

Fortunately, MSPs can provide education to ensure their customers are prepared to identify and address rapidly evolving phishing attacks.

Here are three tips to help MSPs teach customers about phishing attacks.

  1. Outline the Impact of Phishing Attacks. Offer insights into how phishing attacks can harm a company's revenues, brand reputation and customers.
  2. Provide Best Practices. Best practices should encourage employees to proceed with caution, even when they encounter emails and websites that seem to originate from trusted sources.
  3. Make Training a Top Priority. With cybersecurity training, businesses can teach employees how to identify phishing attack warning signs.

Ultimately, education can play a key role in a business' efforts to minimize the effects of phishing attacks. It ensures an MSP can help businesses take a proactive approach to phishing attacks and reduce the risks associated with various cybersecurity dangers.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.