After Docs Phishing Scam, Google to Call Out Unverified Apps

Google is rolling out a new 'unverified app' warning screen, which will appear when you encounter web apps Google has not confirmed as authentic.

Grow Your Business, Not Your Inbox

Stay informed and join our daily newsletter now!
Will be used in accordance with our Privacy Policy
After Docs Phishing Scam, Google to Call Out Unverified Apps
Image credit: Shutterstock
3 min read
This story originally appeared on PCMag

Google is beefing up security following the major Docs phishing scam in May.

The Web giant is rolling out a new "unverified app" warning screen, which will appear when you encounter web apps that have not yet been confirmed to be authentic by the company.

"This app has not been verified by Google yet," the screen reads. "Only proceed if you know and trust the developer…unverified apps may post a threat to your personal data."

Google currently displays an error page when users and developers try to access unverified web apps. In a blog post, Google identity team member Naveen Agarwal and G Suite Developer Advocate Wesley Chun said the change "will help reduce the risk of user data being phished by bad actors."

The new warnings come after online miscreants in May launched a phishing campaign targeting Google accounts. Victims received fraudulent emails that included what appeared to be a Google Docs link. Clicking the purported Google Docs button in the message took users to an actual Google page, which asked them to grant access to an app masquerading as Google Docs. Those who granted permission inadvertently gave attackers full access to their email messages and contacts.

In the coming months, Google plans to extend the verification process and new warnings to existing apps as well. That means developers of some current apps "may be required to go through the verification flow," Agarwal and Chun wrote.

"We're committed to fostering a healthy ecosystem for both users and developers," they added. "These new notices will inform users automatically if they may be at risk, enabling them to make informed decisions to keep their information safe."

Meanwhile on the security front, researchers at social media security firm ZeroFOX over the weekend disclosed a "large-scale, spam pornography" Twitter botnet called Siren.

The company identified more than 8.5 malicious million tweets from nearly 90,000 accounts related to the campaign, making Siren "one of the largest malicious campaigns ever recorded on a social network." Links in the tweets redirected users to websites that encouraged them to "sign up for subscription pornography …or fake dating websites" known to be scams.

ZeroFOX said the campaign, which has now been shut down, was "incredibly successful," generating more than 30 million clicks from victims. The company notified Twitter and Google about the issue, both of which have removed the offending accounts and links.

More from Entrepreneur

Get heaping discounts to books you love delivered straight to your inbox. We’ll feature a different book each week and share exclusive deals you won’t find anywhere else.
Jumpstart Your Business. Entrepreneur Insider is your all-access pass to the skills, experts, and network you need to get your business off the ground—or take it to the next level.
Are you paying too much for business insurance? Do you have critical gaps in your coverage? Trust Entrepreneur to help you find out.

Latest on Entrepreneur

Entrepreneur Media, Inc. values your privacy. In order to understand how people use our site generally, and to create more valuable experiences for you, we may collect data about your use of this site (both directly and through our partners). By continuing to use this site, you are agreeing to the use of that data. For more information on our data policies, please visit our Privacy Policy.