How to protect your Google account from phishing?
Google users are once again under attack by spammers who are using a novel phishing technique (which appears as a Google Docs hyperlink sent via email) to gain access to users' accounts. While Google is already working to solve the issue, here's what you can do to protect yourself from this particular attack, as well as phishing attacks in general.
#1. Just delete the email with the malicious link
The method being used by spammers here is through email. In this case, the malicious emails all appear to have come from a contact, but they are actually from the address "hhhhhhhhhhhhhhhh@mailinator.com" with recipients BCCed. In case you receive such a mail, go old school and just delete it.
#2. Using multifactor authentication
The best line of defense in this case is to use multifactor authentication. After you turn on this feature, whenever you log in from an unrecognized computer, you will receive an OTP on your phone which you can then use to log in. This is the most basic, yet one of the most effective methods to prevent unauthorized access.
#3. Revoking access after your password has been compromised
In case you have already clicked on the Google Docs malicious link, spammers will, in all likelihood, have third party access to your Google account. You can revoke this access by going to "https://myaccount.google.com/permissions", and revoking access to Google Docs.
Tips for general awareness against phishing
In general, long, distinct passwords which cannot be found in a dictionary is your first line of defense. It also helps to change passwords periodically. Most importantly, it is imperative that you report any phishing attack. You can do this by clicking on the down arrow in the top right corner of your inbox (beside the "Reply" button) and clicking "Report phishing".