Gnosys Tech Blog

The New “I Love You” Virus

A new threat is making the rounds. Employees at companies that use Gmail for an email service, along with individual Gmail users are falling victim to a new scam.

It goes something like this:

You receive an email from someone you know. It tells you that they have shared a document with you. When you click the link, you are redirected to a legitimate Google login page. As usual, you are prompted to select one of your Google accounts (this is all using Google’s actual sign-in scripts), and then accept a legitimate looking app called “Google Docs” to manage your emails.

The app requests permission to read, send and delete emails, but it isn’t really a Google app at all. It’s an app controlled by hackers. Once the app has permission to manage your email, it starts sending out to all your contacts with the same link, spreading itself on down the digital highway.

It’s a new take on the old “I Love You” outlook attack from the later 90’s.

Not only that but consider that personal and company email accounts are often used as the recovery email addresses for many online services. This could provide access to Amazon, Facebook…even banking accounts. If it’s associated with your compromised Gmail account, it’s at risk.

The usual rules apply to keep yourself safe from this scam: If you are not expecting a shared document, don’t click on the link unless you can verify that the alleged sender actually sent it.

If you are reading this too late, you should immediately set up two-factor authentication on any important accounts. I recommend using your cell phone number for the secondary authentication.

Next go to myaccount.google.com > Sign-In > Security > Connected Apps. If there are any apps on the list that you do not recognize, delete them… worst case is that something you want stops working until you add it back.

As always, feel free to contact us at www.gnosysnetworks.com or call us at 352.870.2034 for assistance.