Google recently confirmed a phishing attack was used to target roughly 1 billion Gmail users worldwide. With the phishing attack, cybercriminals attempted to gain control of Gmail users' email histories and spread a vulnerability to all of their contacts, according to Google.
As part of the Google phishing attack, Gmail users received a vulnerability disguised as an email from a trusted contact.
The email included a Google Docs file, and Gmail users who clicked the link to open the file were taken to a real Google security page. Then, Gmail users were asked to provide the sender with access to their Google contact lists and Google Drive.
The vulnerability was exposed for only about one hour and affected "fewer than 0.1 percent of Gmail users," a Google spokesperson told NBC News. However, the culprits behind the phishing attack remain unknown.
Google is currently investigating the phishing attack. The company is encouraging Gmail users not to click through the phishing email and report it as phishing within Gmail.
In addition, Google has disabled the offending accounts and is urging Gmail users who may have been affected to complete a Security Checkup to remove unwanted apps.
Phishing represents the top delivery vehicle for ransomware and other malware, endpoint protection company Barkly noted in a prepared statement. As such, phishing attacks are unlikely to go away any time soon.
Fortunately, MSPs can provide education to ensure their customers are prepared to identify and address rapidly evolving phishing attacks.
Here are three tips to help MSPs teach customers about phishing attacks.
Ultimately, education can play a key role in a business' efforts to minimize the effects of phishing attacks. It ensures an MSP can help businesses take a proactive approach to phishing attacks and reduce the risks associated with various cybersecurity dangers.
