Access to your Gmail account, where you’re probably storing a gold mine’s worth of information, is among the most coveted targets of phishing scammers. Wednesday’s Google phishing scam gives hackers full control of all your emails and enables them to use your account as a beachhead to target others.
The scheme leverages a legitimate feature that allows other apps to authenticate you through your Google account or to access other parts of that account. For instance, Slack uses this feature to allow you to share Google Drive files with another team member. WordPress uses it to enable you to automatically share your posts on your timeline. Other services might use it to allow you to import contacts.
But some applications, like the fake Google Drive app that surfaced Wednesday, will demand full access to your account. (The real Google Drive app doesn’t need your permission to access your account because it’s already part of it.)
This is not the first time that Google app connections were put to ill use. Earlier this year, it was revealed that Unroll.me was using the feature to sell user information to ride-hailing app Uber. Last year, the famous mobile game Pokémon Go was found to accidentally have full access to your Google account (the flaw was later patched).
Unfortunately, a considerable number of users blindly approve app access to their Google accounts without reviewing the requested privileges. Fortunately, you can revoke those privileges. And now’s as good a time as any to be worried about who has access to your Gmail account.
How to remove apps from your Google account
To review and readjust apps that are connected to your account, go to your Google Account page and click on Connected Apps & Sites > Manage Apps.
A list of all the apps that have access to your account appears. Clicking on each app expands it, providing you with details about what kind of information or features it can access. Be wary of apps that have full access to your account.
To terminate the app’s access to your account, simply click on the Remove button. It’s as simple as that.
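The same review can be done mechanically when there are many grants to go through. The following is an added example, not code from Google or from this article: it flags apps whose name imitates a built-in Google product (like the fake Google Drive app) or that hold broad mail, contacts or Drive scopes. The grant records and their field names (`displayText`, `clientId`, `scopes`) are constructed for illustration; the scope strings are real Google OAuth scopes.

```python
# Real Google OAuth scope strings that grant broad access to mail, contacts or files.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/": "read, send and delete all Gmail",
    "https://www.googleapis.com/auth/gmail.modify": "read and change all Gmail",
    "https://www.googleapis.com/auth/gmail.readonly": "read all Gmail",
    "https://www.googleapis.com/auth/contacts": "read and change contacts",
    "https://www.googleapis.com/auth/drive": "read and change all Drive files",
}

# Built-in products are already part of the account and never ask for consent,
# so a connected app carrying one of these names is suspect.
FIRST_PARTY_NAMES = ("google drive", "google docs", "gmail")


def review_grant(grant):
    """Return findings for one grant record (an empty list means nothing flagged)."""
    findings = []
    name = grant.get("displayText", "").strip().lower()
    if any(name == fp or name.startswith(fp + " ") for fp in FIRST_PARTY_NAMES):
        findings.append("name imitates a built-in Google product")
    for scope in grant.get("scopes", []):
        if scope in HIGH_RISK_SCOPES:
            findings.append(f"{HIGH_RISK_SCOPES[scope]} ({scope})")
    return findings


def review_account(grants):
    """Map each flagged app name to its findings."""
    report = {}
    for grant in grants:
        findings = review_grant(grant)
        if findings:
            report[grant.get("displayText", "<unnamed>")] = findings
    return report


# Constructed sample grants (not real apps or client IDs).
SAMPLE_GRANTS = [
    {"displayText": "Google Drive", "clientId": "constructed-1.example",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
    {"displayText": "Team Chat", "clientId": "constructed-2.example",
     "scopes": ["https://www.googleapis.com/auth/drive.file", "email"]},
    {"displayText": "Newsletter Cleaner", "clientId": "constructed-3.example",
     "scopes": ["https://www.googleapis.com/auth/gmail.readonly"]},
]

if __name__ == "__main__":
    for app, findings in review_account(SAMPLE_GRANTS).items():
        print(app + "\n" + "\n".join("  - " + f for f in findings))
```

An app that is flagged is a candidate for the Remove button, not proof of abuse; a mail client legitimately needs mail scopes.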
Now, go clean up that account of yours.
Ben Dickson is a software engineer and the founder of TechTalks. Follow his tweets at @bendee983 and his updates on Facebook.