Google and campus ITS have taken measures to counteract the email attack that occurred earlier this week. At this time, no further action is required from campus users.
While this security threat has been eliminated, the unique nature of this attack did highlight an important vulnerability related to connecting third-party applications to our MountaineerApps (Google) accounts.
How are third-party Google apps related to the recent attack?
In the recent attack, a third-party app masquerading as Google Docs was utilized to collect address book data from Google accounts and send messages for anyone who granted access to it. The request for access was disguised in a link that appeared to be a standard Google Document share.
What are third-party apps?
- Third-party apps are software/tools that are developed and promoted by someone other than Google.
- These apps, when installed, will often ask permission to access your Google account. If permission is granted, the third-party app can access information associated with your account.
- Some third-party apps are beneficial and can make work easier in many situations. However, other applications can be malicious and gain full access to your Gmail or Google Drive data if you agree to their terms of service.
Should I grant access to my Appstate Google account from third-party apps?
- You should never allow third-party apps that stem from email messages.
- Third-party apps are installed from distributors or dedicated websites. This process should always be initiated by you.
- Allowing access to your account is a judgment call. Important: Google doesn't review or endorse third-party websites that request access to your Google Account, and takes no responsibility for those sites. If you don't trust the website or application that is requesting your information, you should not approve the request.
How do I view/manage third-party apps that I have installed?
- It is a good idea to periodically review the applications that are connected to your accounts on a periodic basis. More information on this can be found at: https://support.google.com/accounts/answer/3466521?hl=en
- It is important to pay attention to applications that request or gain "Full account access".