Google has rolled out a critical security update for Gmail on iOS.
The update fixes a major security loophole which was discovered earlier this year that allowed hackers to send users an email with a Google Doc attachment, which contained a phishing malware.
Anyone who clicked on the link unwittingly gave hackers access to their Google account, including emails, contacts and online documents.
Some users we also redirected to a website designed to capture victim’s passwords.
Speaking to Reuters in the immediate aftermath of the attack, Aaron Higbee, chief technology officer at PhishMe Inc. said: “This is the future of phishing.
“It gets attackers to their goal … without having to go through the pain of putting malware on a device.”
“This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party,” said Justin Cappos, a cyber security professor at NYU Tandon School of Engineering.
Not long after the attack, Google released a security update for Gmail on Android which closed the loophole and gave users better protection from phishing and malware.
The same update has now been pushed out for Gmail on iOS.
The update adds a new prompt warning you about the dangers of clicking on a suspicious link.
“Going forward, when you click on a suspicious link in a Gmail message on your iPhone or iPad, we’ll show the warning below. We recommend that you use caution before proceeding because the link is likely unsafe. Only proceed if you’re confident there’s no risk,” Google said.
What is phishing?
Phishing occurs when hackers send you what looks like a legitimate email from a reputable company or person. Emails can sometimes even be disguise to look like they have been sent from one of your contacts.
The email will normally include a link or attachment, which when clicked on can install malware onto your device or can be used to direct you to a spoof webpage, designed to look like the real thing, which asks you to enter your login details for an important online account, such as your bank, email, social media or PayPal account.
Phishing and ransomware are the biggest cyber threats for users and businesses today.
To avoid becoming a victim of a phishing attack make sure you are running the latest versions of software, apps and operating systems and make sure you have antivirus software installed on your device.
You also need to be vigilant when opening emails. Never open an email you think is suspicious or from a dubious source.
Even if the source looks legit but you are still unsure, call the contact to confirm they sent you the email before you open it.