Google strengthens security to keep you from getting phished


Google wants to prevent another massive phishing attack like the one that targeted Google Docs users earlier this year.

On Tuesday, Google released new security protections to keep users safe from unverified apps, or ones that it hasn’t officially approved.

If a web app is unverified by Google and is asking you to log in with your Google info, you’ll now see a warning screen with a red exclamation point. You can choose to proceed with your Google account anyway by clicking on “Advanced” on the warning page.

The new pop-up targets unverified apps that are abusing OAuth, the authorization system Google uses. OAuth uses security tokens instead of passwords to connect your Google account with third-party apps.

The security warnings will first apply to newly created apps, but will be rolling out to existing apps soon.

In May, the widespread phishing attack pretended to be Google Docs. The fake app used OAuth and tricked users into trusting it with their security token. The attackers could then see users’ contacts and send the phishing attempt to more people.

This type of phishing campaign is much more sophisticated than one that just gets you to click a link in an email, and users should be wary of giving their information to unverified third-party apps.

Google stopped May’s attack quickly, and a week later updated the app publishing process to better detect malicious apps.

Phishing attacks are common methods of stealing usernames and passwords to get private information. Hackers pretend to be a trustworthy source to convince you to share personal data. It’s important to make sure the sender is authentic before clicking on a link — for instance, if you don’t recognize an email sent from your bank, you can call the bank to confirm it was the one that sent you the email.