Timing is everything: Google announced an update to its Gmail client this week that will warn users if they follow a link from a suspected phishing email, telling them that the site they’re about to visit may try to trick them into “disclosing financial, personal or otherwise sensitive information.”
That update couldn’t come soon enough. On Wednesday afternoon, a major phishing attack made the rounds among Google email users, with targets including journalists and employees at media and entertainment companies.
The attack in question consisted of an email that supposedly was coming from a known contact, prompting recipients to open a document in Google Docs. Anyone who followed that link was led to a page that looked like a Google Docs sign-in, but instead was designed to give the attacker access to their victim’s email account.
Breached accounts were then harvested for additional emails to send out new invites, leading to a rapidly spreading attack. To make matters worse, the attacker actually hosted some of his code on Google’s servers, which made it look like users were never leaving the company’s services.
The company quickly disabled the attack, and even retroactively marked any of its malicious emails as spam. Fewer than 0.1 percent of all Gmail users were reportedly affected by it. Still, with over 1 billion Gmail users, that number could be as high as one million, showing why Google might want to step up its fight against phishing.
Correction: 12:45pm: This post previously stated that the new security features were only available to corporate Gmail for Android users, but they’re actually being rolled out to everyone who uses Google’s Android Gmail app.