Google Doc Users Beware
For those who frequently use Google Docs, double and triple-check before opening, even if it appears to come from a trustworthy source. Anyone can be a victim. A harmful phishing scam that imitated the typical Google Docs email took over the internet yesterday, including a reasonable amount of media companies. “Think before you click” may sound repetitive, but it really can save you from falling victim to cyber threats.
Google quickly took action to subdue this particular scam, and the company said that in a statement it has since disabled the accounts that are believed to have been infected. “We have removed the fake pages, pushed updates through Safe Browsing and our abuse team is working to investigate and prevent this kind of spoofing from happening again.”
Large scale phishing attacks such as this one, regularly impersonate popular internet sites and pages. Similar Google Docs scams have been spreading on the internet since at least 2014. Unfortunately, they were not easy to identify because the authenticity was so realistic and accurate, phishers utilize actual Google accounts and really interacted with Google services. The genuine looking aspect lures victims into the scams without even knowing the pages are not real.
This is how a typical Google phishing scam would sound:
-You receive an email saying someone added you to a Google Doc. “Please click the link to view
-This link then takes you to a legitimate account screen with a list of all the Google accounts you’re logged into.
-You are then asked to choose the one you want to view the document in (or log in with to view)
-At that point, the malicious Google Docs. waits for you to grant access to your account, where it then has access to your contacts, emails and other personal information.If you had already fallen victim to the link, go to the permissions page in your Google accounts and revoke the service called “Google Docs.” It is fake. Then reset your password and turn on 2-Factor Authentication, if it wasn’t on already. Protect yourself and turn on Password Alert. This is a Google tool that will alert you anytime your Google credentials are entered into any page that is not “Google’s”. For instance, if phishers are using a genuine-looking fake page, Password Alert will immediately request you change your password as soon as you have entered them into the fake Google
Clicking the links or downloading attachments should not be a regular function, even if they are from people you trust. They may be victims as well. Take time to analyze the email and the URL it came from and double-check with the “sender” to see if they really sent you something. The best protection: think before you click!
Blue Layer provides team training to educate your employees on security awareness to protect your business. Contact us today to learn more.