Phishing

After Docs Phishing Scam, Google to Call Out Unverified Apps

Google is rolling out a new 'unverified app' warning screen, which will appear when you encounter web apps Google has not confirmed as authentic.
After Docs Phishing Scam, Google to Call Out Unverified Apps
Image credit: Shutterstock
3 min read
This story originally appeared on PCMag

Google is beefing up security following the major Docs phishing scam in May.

The Web giant is rolling out a new "unverified app" warning screen, which will appear when you encounter web apps that have not yet been confirmed to be authentic by the company.

"This app has not been verified by Google yet," the screen reads. "Only proceed if you know and trust the developer…unverified apps may post a threat to your personal data."

Google currently displays an error page when users and developers try to access unverified web apps. In a blog post, Google identity team member Naveen Agarwal and G Suite Developer Advocate Wesley Chun said the change "will help reduce the risk of user data being phished by bad actors."

The new warnings come after online miscreants in May launched a phishing campaign targeting Google accounts. Victims received fraudulent emails that included what appeared to be a Google Docs link. Clicking the purported Google Docs button in the message took users to an actual Google page, which asked them to grant access to an app masquerading as Google Docs. Those who granted permission inadvertently gave attackers full access to their email messages and contacts.

In the coming months, Google plans to extend the verification process and new warnings to existing apps as well. That means developers of some current apps "may be required to go through the verification flow," Agarwal and Chun wrote.

"We're committed to fostering a healthy ecosystem for both users and developers," they added. "These new notices will inform users automatically if they may be at risk, enabling them to make informed decisions to keep their information safe."

Meanwhile on the security front, researchers at social media security firm ZeroFOX over the weekend disclosed a "large-scale, spam pornography" Twitter botnet called Siren.

The company identified more than 8.5 malicious million tweets from nearly 90,000 accounts related to the campaign, making Siren "one of the largest malicious campaigns ever recorded on a social network." Links in the tweets redirected users to websites that encouraged them to "sign up for subscription pornography …or fake dating websites" known to be scams.

ZeroFOX said the campaign, which has now been shut down, was "incredibly successful," generating more than 30 million clicks from victims. The company notified Twitter and Google about the issue, both of which have removed the offending accounts and links.

More from Entrepreneur

Are paying too much for business insurance? Do you have critical gaps in your coverage? Trust Entrepreneur to help you find out.
Get Your Quote Now

One-on-one online sessions with our experts can help you start a business, grow your business, build your brand, fundraise and more.
Book Your Session

Whether you are launching or growing a business, we have all the business tools you need to take your business to the next level, in one place.
Enroll Now

Latest on Entrepreneur

My Queue

There are no Videos in your queue.

Click on the Add to next to any video to save to your queue.

There are no Articles in your queue.

Click on the Add to next to any article to save to your queue.

There are no Podcasts in your queue.

Click on the Add to next to any podcast episode to save to your queue.

You're not following any authors.

Click the Follow button on any author page to keep up with the latest content from your favorite authors.

Don't Fall for This Google Docs Phishing Scam