Among the most coveted targets of phishing scammers is gaining access to your Gmail account, where you’re probably storing a gold mine’s worth of information. Wednesday’s Google phishing scam gives hackers full control to all your emails and enables them to use your account as a beachhead to target others.
The scheme leverages a legitimate feature that allows other apps to authenticate you through your Google account or gain access to other areas. For instance, Slack uses this feature to allow you to share Google Drive files with another team member. WordPress uses it to enable you to automatically share your posts on your timeline. Other services might use it to allow you to import contacts.
But some applications, like the fake Google Drive app that surfaced Wednesday, will demand full access to your account. (The real Google Drive app doesn’t need your permission to access your account because it’s already part of it.)
This is not the first time that Google app connections were put to ill use. Earlier this year, it was revealed that Unroll.me was using the feature to sell user information to ride-hailing app Uber. Last year, the famous mobile game Pokémon Go was found to accidentally have full access to your Google account (the flaw was later patched).
Unfortunately, a considerable number of users blindly approve app access to their Google accounts without reviewing the requested privileges. Fortunately, you can revoke those privileges. And now’s a good time as any to be worried about who has access to your Gmail account.
How to remove apps from your Google account
A list of all the apps that have access to your account appears. Clicking on each app expands it, providing you with details about what kind of information or features it can access. Be wary of apps that have full access to your account.
To terminate the app’s access to your account, simply click on the Remove button. It’s as simple as that.
Now, go clean up that account of yours.