Watch out for the Google Docs phishing scam
Phishing scams are beginning to look more and more like the real thing. A sophisticated phishing scam is spreading rapidly; at least 500 state mail users have received it. Your City account may be a target of what is being called the “Google Docs phishing scam.” If you have a Google account, you need to be extra careful.
What it looks like
You will receive an email stating that the sender has shared a document with you. You may or may not know the sender. The subject line usually contains the sender’s name and states that the person “has shared a document on Google Docs with you.” It looks something like this:
The message includes a link to “Open in Docs,” which isn’t unusual if you’ve ever shared a document stored in Google Docs. In the “To:” area, however, you will see what appears to be automatically generated gibberish.
How the scam works
Hover over the “Open in Docs” link and you’ll see that it points to a document in Google, which is reasonable. If you click this link, it takes you to the real Google login page.
Here is where the damage occurs. If you log in, you’ll be redirected to a malicious third-party site that asks you to grant permission to access your email account. If you grant permission, your email account will be compromised. Cybercriminals will then send similar spam messages from your account to your contacts and other addresses you’ve used, in order to target more victims. It will look to them as if you have sent them a document to view.
The scam is believed to bypass current safeguards such as two-factor authentication or email alert mechanisms.
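For mail administrators triaging reported messages, the indicators described above (the subject phrase, the generated-looking “To:” address and the “Open in Docs” link text) can be checked mechanically. This is an added example, not part of the original advisory; the sample message, its addresses and URL, and the looks_generated heuristic are constructed assumptions, and the link host is deliberately not scored because the link points to the real Google.

```python
from email import message_from_string
from email.utils import getaddresses
from html.parser import HTMLParser

# Constructed sample (not a real capture); names, addresses and URL are placeholders.
SAMPLE = """\
From: Pat Example <pat@example.org>
To: xkqzvwrtbhmplfgd@example.invalid
Subject: Pat Example has shared a document on Google Docs with you
Content-Type: text/html; charset="utf-8"

<a href="https://accounts.google.com/PLACEHOLDER">Open in Docs</a>
"""

class LinkText(HTMLParser):
    """Collect the visible text of every <a> element."""
    def __init__(self):
        super().__init__()
        self.texts, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.texts.append("")
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.texts[-1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def looks_generated(local):
    """Assumed heuristic: 12+ letters with few vowels or few distinct characters."""
    s = local.lower()
    vowels = sum(c in "aeiou" for c in s)
    return len(s) >= 12 and s.isalpha() and (vowels / len(s) < 0.2 or len(set(s)) <= 3)

def indicators(raw):
    """Return the advisory's indicators found in one raw RFC 5322 message."""
    msg, found, parser = message_from_string(raw), [], LinkText()
    if "has shared a document on google docs with you" in msg.get("Subject", "").lower():
        found.append("subject")
    if any(looks_generated(a.partition("@")[0]) for _, a in getaddresses(msg.get_all("To", []))):
        found.append("generated-to")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    if any(t.strip().lower() == "open in docs" for t in parser.texts):
        found.append("open-in-docs-link")
    return found
```

A message matching all three indicators is a strong candidate for quarantine; a single match, especially the subject phrase alone, can also occur in a legitimate share notification.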
What to do if you have clicked on such a document
- Go to https://myaccount.google.com/permissions.
- If you see an entry for “Google Docs,” click on it and then click the “Remove” button.
You will only see Google Docs on the list if you granted permission to this fake Google Docs app. If you do not see Google Docs on the list, then you should be safe and have nothing to remove.
Change your email account password if you clicked on the doc or any links in the phishing email. Use long, strong passwords on all your accounts, and a unique password for each account. And as always, pause and think before you click on any links. The account you damage could be your own.
If you receive one of these emails
Notify the IT Service Desk right away. Do not click on the documents. You may be asked to either forward it to [email protected] or delete it.
Published May 12, 2017