Tech

If you fell for the Gmail phishing scam, here’s what to do next

Walter Hodges | Getty Images

Don't worry if you accidentally opened that Google Doc that was floating around yesterday.

If you have no idea what we're talking about, here's a quick brief: On Wednesday, a worm started spreading around Gmail that suggested to users a friend or colleague was trying to share a Google Doc.

It was a classic phishing scam wherein an attacker tries to gain your information by tricking you into opening something. If you opened the document, you were asked to give permission for it to access your account. Then it sent itself out to everyone in your address book. Oops.

Did you do that?

If so, don't worry too much. Google says it has already disabled the offending accounts (only 0.1 percent were affected), and that it was able to stop the worm within an hour. A Google spokesperson also said "there's no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup."

Since it's not quite clear what sort of information that phishing attack could have grabbed, it's still a good idea to make some changes. We should take this event as a reminder that we're all potentially vulnerable to attack, even when the attack is disguised as an email from a friend or family member.

Here's what to do to keep yourself safe and how to access Google's Security Checkup.

Change your password

Todd Haselton | CNBC

This is easy, and you should get in the habit of doing it often. Visit your Google Account page and select the "Signing in to Google" option. Next, tap "password" and change it. If you haven't done so before, take this chance to use something unique with uppercase and lowercase letters, numbers and unique symbols.

Turn on 2-Step verification

Todd Haselton | CNBC

From the Google Account page, tap "Signing in to Google" once more and then tap 2-Step verification and enable it. This will send you a special code each time you log in. It wouldn't have helped prevent the phishing attack, but it'll make it harder for someone to sign in to your account should your password ever be compromised. It's always wise to use this option.

Perform a Google Security Checkup

Todd Haselton | CNBC

Finally, perform the Google Security Checkup that Google recommends. This checks your settings and activity to make sure that you've approved all of the apps and other content that can access your Google account. If something changed yesterday, you can revoke access during this process.

From the Google My Account page, simply select the "Security Checkup" option. Follow along with Google as it double-checks everything that has access to your account. It only takes a few minutes, and it's wise to do this a couple of times a year just to be safe.

Tell Google if you see anything else

Todd Haselton | CNBC

Finally, let Google know if you see anything else suspicious floating around. You can help the company stop future attacks, and learn a bit more about phishing emails, on Google's support page.