That massive Google Docs phishing attack from May 3rd was more than a little disconcerting, but Google is trying to set minds at ease. It just outlined how it responds to this email trickery — including how it intends to prevent incidents like the one that just wreaked havoc. It’s shoring up its defenses by tightening its policies on third party authentication (the Docs attack steered users toward a bogus app using a Google sign-in), refining its spam filtering to target Docs-style campaigns, and more closely monitoring apps that ask for your data.
The internet pioneer already has a number of anti-phishing measures, such as machine learning-based detection, Safe Browsing, email attachment scanning and extra security measures for suspicious-looking logins.
Google stresses that the May 3rd attack didn’t do much damage. Fewer than 0.1 percent of its users were affected, it says. That’s somewhat comforting, but it was still hard to escape the phishing campaign for the brief hour it ran rampant. Even that small a portion of Google’s user base still represents many, many people. The stepped-up anti-phishing efforts might be necessary to prevent another large-scale mess.
Source: Google Security Blog
