Just recently, we got word in about a phishing scam built around Google (News - Alert) Docs, which targeted a wide variety of media figures using Gmail, Google's email service. Now, Google has brought out a new protection measure in a bid to stop such attacks, but some question whether it would have done much good even if it had been available when the attacks started.
For those using the Gmail application on Android (News - Alert) devices, the new feature helps to provide some warning about suspicious links spotted. Given that the attack involved a Google Docs app hosted on Google's own domain, however, this new security measure might not have provided much protection at all, reports note. However, even if this doesn't stop every phishing attack, any amount of extra security is commonly worth pursuing. Especially when new attacks are sufficiently sophisticated to fool a variety of technologically-astute users.
This week's attack called on Google's own systems to purportedly be from a known contact who wanted to share a document. This kind of thing is done almost every day in some circles, and clicking on said link would have taken users to a Google-hosted Web page. It wouldn't even ask for a password, which would be a dead giveaway, but instead lists Google accounts. Then users were asked to provide permission for an app called “Google Docs,” which wasn't the actual Google Docs, but instead a front for the attack that would then spread to a user's contact list and attempt to replicate its success elsewhere.
Google is rolling out the new feature this week, and given how much of this phishing attack was connected immediately to Google itself, it's not clear that it would have been all that helpful even if it weren't late to the party. There are certain things users can do to protect themselves, but some of these attacks are too subtle to even be ferreted out by more advanced methods. It's really hard to say what anyone—even Google—could have done about this one or even can do about it in the future. However, Google needs to find a way; if Google Docs were ever considered too risky to use, that's a lot of business that will be going elsewhere.
There's really nothing else to say here but stay as vigilant as you can, keep your records in unconnected backup systems, and do your level best not to be beaten by scammers. You may not come out unscathed, but you'll prevent the worst of it.