Watch out for the Google Docs phishing scam

Phishing scams are beginning to look more and more like the real thing. A sophisticated phishing scam is spreading rapidly; at least 500 state mail users have received it. Your City account may be a target of what is being called the “Google Docs phishing scam.” If you have a Google account, you need to be extra careful.

What it looks like

You will receive an email stating that the sender has shared a document with you. You may or may not know the sender. The subject line usually contains the sender’s name and states that the person “has shared a document on Google Docs with you.” It looks something like this:

[Image: example of the phishing email]

The message includes a link to “Open in Docs,” which isn’t unusual if you’ve ever shared a document stored in Google Docs. In the “To:” area, however, you will see what appears to be automatically generated gibberish.
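
The two indicators described above (the subject wording and a gibberish “To:” address) can be checked automatically on a mailbox or mail gateway. The following Python code is an added example, not part of the original notice; the gibberish heuristic, its thresholds, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import getaddresses

# Subject wording quoted in the notice.
LURE_SUBJECT = re.compile(r"has shared a document on Google Docs with you", re.I)

def looks_generated(local_part):
    """Assumed heuristic for a gibberish mailbox name: 12+ letters with
    under 20% vowels, or one letter repeated six or more times in a row."""
    letters = re.sub(r"[^a-z]", "", local_part.lower())
    if len(letters) < 12:
        return False
    vowels = sum(ch in "aeiou" for ch in letters)
    longest_run = max(len(m.group(0)) for m in re.finditer(r"(.)\1*", letters))
    return vowels / len(letters) < 0.2 or longest_run >= 6

def triage(raw_message):
    """Return the list of indicators from the notice that this message shows."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    reasons = []
    if LURE_SUBJECT.search(str(msg.get("Subject", ""))):
        reasons.append("lure-subject")
    recipients = getaddresses([str(v) for v in msg.get_all("To", [])])
    if any(looks_generated(addr.split("@")[0]) for _, addr in recipients if addr):
        reasons.append("gibberish-recipient")
    return reasons

# Constructed sample messages (not real mail).
SAMPLES = {
    "lure": "From: pat@example.org\nTo: hhhhhhhhhhhhhhhh@example.invalid\n"
            "Subject: Pat Example has shared a document on Google Docs with you\n\nOpen in Docs\n",
    "normal": "From: pat@example.org\nTo: alex.johnson@example.org\n"
              "Subject: Budget meeting notes\n\nSee attached.\n",
    "subject_only": "From: pat@example.org\nTo: finance.department@example.org\n"
                    "Subject: Pat Example has shared a document on Google Docs with you\n\nHi\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```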

How the scam works

Hover over the “Open in Docs” link and you’ll see that it points to a document in Google, which is reasonable. If you clicked on this link, it would take you to the real Google login page.

Here is where the damage occurs. If you log in, you’ll be redirected to a malicious third-party site that asks you to grant permission to access your email account. If you granted permission, your email account would be compromised. To target more victims, cybercriminals would then send similar spam messages from your account to your contacts and other addresses you’ve used. It would look to them as if you had sent them a document to view.

The scam is believed to bypass current safeguards such as two-factor authentication or email alert mechanisms.

What to do if you have clicked on such a document

  1. Go to https://myaccount.google.com/permissions.
  2. If you see an entry for "Google Docs," click on it and then click the “Remove” button.

You will only see Google Docs on the list if you granted permission to this fake Google Docs app. If you do not see Google Docs on the list, then you should be safe and have nothing to remove.

Change your email account password if you clicked on the doc or any links in the phishing email. Make sure to use long and strong passwords on all your accounts and unique passwords for each account. And as always, pause and think before you click on any links. The account you damage could be your own.

If you receive one of these emails

Notify the IT Service Desk right away. Do not click on the documents. You may be asked to either forward it to spam@minneapolismn.gov or delete it.

For more information:

 https://www.symantec.com/connect/blogs/google-docs-users-targeted-sophisticated-phishing-scam

Published May 12, 2017
