Google is adding a set of features to its security roster to prevent a second run of last month’s massive phishing attack.
The company is adding warnings and interstitial screens that tell users when an app they are about to use is unverified and could put their account data at risk.
This so-called “unverified app” screen will land on all new web apps that connect to Google user accounts to prevent a malicious app from appearing legitimate. Any Google Chrome user who has landed on a hacked or malicious website will recognize the prompt from the red warning screen shown there.
Some existing apps will also have to go through the same verification process as new apps, Google said.
Google also said it will add those warnings to Apps Script, which lets Google users run custom macros and add-ons for its productivity apps, like Google Docs.
“These new notices will inform users automatically if they may be at risk, enabling them to make informed decisions to keep their information safe, and will make it easier to test and develop apps for developers,” said Google.
In case you missed it: Gmail users were hit by a new kind of phishing attack last month that masqueraded as a document stored in Google Docs. The attack worked by tricking users into thinking the email came from a person known to the recipient. When the email link to the purported document was opened, a page pointing to a Google-hosted fake app named “Google Docs” would ask for that person’s account permissions — including contacts — which would be used to email everyone in the contacts list of the person’s email account.
News of the attack spread like wildfire, even though Google said that only 0.1 percent of accounts were affected.
The company also tightened the screws on policies and enforcement on OAuth applications that use the Google platform.
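For administrators who want to look for the pattern behind last month's attack in their own OAuth grant records, the sketch below is an added example, not Google's code. It flags third-party apps whose display name imitates a Google product and unverified apps that hold mail or contacts scopes. The record layout, client IDs and name list are hypothetical; only the scope URLs are real Google OAuth scopes.

```python
import re
import unicodedata

# Assumption: product names an attacker might borrow; extend for your tenant.
PROTECTED_NAMES = {"google docs", "google drive", "gmail"}
# Assumption: client IDs your organisation has reviewed (constructed placeholder).
APPROVED_CLIENT_IDS = {"approved-0001.apps.example"}
# Google OAuth scopes that expose mail or contacts.
SENSITIVE_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/contacts",
    "https://www.googleapis.com/auth/contacts.readonly",
}

def normalize(name):
    """Fold case, width and invisible characters so look-alike names compare equal."""
    name = unicodedata.normalize("NFKC", name)
    name = "".join(c for c in name if unicodedata.category(c) != "Cf")
    return re.sub(r"\s+", " ", name).strip().casefold()

def review_grant(grant):
    """Return the reasons a single grant record deserves a closer look."""
    reasons = []
    if (normalize(grant["app_name"]) in PROTECTED_NAMES
            and grant["client_id"] not in APPROVED_CLIENT_IDS):
        reasons.append("name-impersonation")
    if not grant["verified"] and SENSITIVE_SCOPES & set(grant["scopes"]):
        reasons.append("unverified-sensitive-scopes")
    return reasons

def triage(grants):
    """Map client_id -> reasons for every grant that was flagged."""
    return {g["client_id"]: r for g in grants if (r := review_grant(g))}

# Constructed sample records, not real audit data.
SAMPLE_GRANTS = [
    {"app_name": "Goo\u200bgle Docs", "client_id": "constructed-1111.apps.example",
     "verified": False, "scopes": ["https://mail.google.com/",
                                   "https://www.googleapis.com/auth/contacts"]},
    {"app_name": "Team Calendar Sync", "client_id": "constructed-2222.apps.example",
     "verified": True, "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"app_name": "Mail Merge Helper", "client_id": "constructed-3333.apps.example",
     "verified": False, "scopes": ["https://www.googleapis.com/auth/gmail.readonly"]},
]

if __name__ == "__main__":
    for client_id, reasons in triage(SAMPLE_GRANTS).items():
        print(client_id, reasons)
```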