The Google Docs Phishing Scam and why it's so dangerous
Online phishing scams usually have a certain type of victim. The
elderly, the young, the technologically inexperienced. These types of people,
through no real fault of their own, do not have the experience or training on
how to spot phishing scams online – commonly becoming the latest casualties in
scams that have been repeated for decades. Millennials, the technologically
adept, and the professional are the three types of people generally quite
resistant to online phishing scams. They fall victim now and again and do make
up some of the statistics, but are far less likely than other demographics.
Those who grew up in the age of the internet know all too well how to spot and
avoid common phishing scams and many professionals even take courses in this
subject.
This is why a recent scam has gathered so much attention.
People’s ears pricked up when they heard that a phishing scam was tearing
across the internet and that the significant majority of its targets were
professionals and young people – the very people who should be hardest to
target. Entire companies were falling victim. Not ones that you’d expect,
either. These were not mechanics or farms whose online presence is just part of
their overall business but media companies and online marketing specialists.
Companies who live and breathe the online world. Companies who should know
better. For example, around 2,500 employees of the state of Minnesota in the
United States received this e-mail. Very few fell victim, but still enough
to cost the state around $90,000. This cost was mainly due to lost time rather
than damage – but it is still $90,000 better used elsewhere. Fortunately, the
state of Minnesota rarely uses cloud documents (most government agencies
are lucky to even use tech from the same century as the rest of us); otherwise
the damage could have been far worse.
The reason for this target audience becomes quite clear when you
understand the hows and whys of this scam. Essentially, the target receives an
email stating that someone has added them to the authorized users of a Google
Doc, and invites them to click a link to view it. This takes you to your
account screen where you can see all the Google accounts you’re logged in to.
You pick which one you want to view the document with and then a service called
“Google Docs” requests permission to access your details. All of your details.
This is not Google. This is a phishing scammer.
The Google Docs Phishing Scam did not use keyloggers, trojans,
viruses, fake websites or threats to accomplish its goals. It pretended to be a
regular part of the user’s routine. The professional, the millennial who
uses the cloud for study or work, or the technologically adept person who
might use Google Docs to store data would not have thought twice about
being invited to make an edit. This is especially true of companies
that regularly operate in the online sphere. Heck, as a Tech Freelancer
myself, I get random unsolicited Google Docs requests all the time
that are usually followed up by an e-mail from someone asking if I can
take a look, see if I can help them and give them an estimate on cost. I would
have fallen hook, line and sinker for this scam if it had targeted me.
Fortunately, thus far I have been lucky.
So now that we know what is going on – what is being done?
Google itself has stated that it is reacting to this phishing scam and
that it has “disabled offending accounts” and “removed the fake pages,
[and] pushed updates through Safe Browsing.” They also said in a statement that
their “abuse team is working to prevent this kind of spoofing from happening
again.”
Even more important, what do YOU do now that we know what is
going on? To help protect yourself, use the Password Alert feature, which alerts
you if your details are used on anything other than Google’s
services. Also, before clicking a link in any email, have a look around for
anything suspicious. Look at the email address it is coming from carefully. Is
it support@paypal.com or is it support@paypal.wb3.com? Check for spelling
mistakes that wouldn’t be there on official company marketing or support copy.
Be careful of urgent or threatening language, and if in doubt contact the
actual company yourself to confirm that this is legitimate.
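
The sender check described above, written out as an added example (not part of the original article): it accepts only a trusted domain or its true subdomains, and flags a brand name that shows up on a domain the brand does not own. The `TRUSTED` table and the function names are assumptions for illustration, and the sample addresses are constructed.

```python
from email.utils import parseaddr

# Assumed allowlist: brand keyword -> the domain that brand really sends from.
TRUSTED = {"paypal": "paypal.com", "google": "google.com"}


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header, or ''."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")


def belongs_to(domain, trusted):
    """True only for the trusted domain itself or a real subdomain of it.

    The leading dot matters: 'notpaypal.com' ends with 'paypal.com' but is
    a different domain, and 'paypal.wb3.com' is a subdomain of wb3.com.
    """
    return domain == trusted or domain.endswith("." + trusted)


def check_sender(from_header):
    """Classify a From header as 'trusted', 'lookalike' or 'unknown'."""
    display, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    if not domain:
        return "unknown"
    if any(belongs_to(domain, t) for t in TRUSTED.values()):
        return "trusted"
    # Brand name in the display name or in a domain label, on a foreign domain.
    labels = domain.split(".")
    for brand in TRUSTED:
        if brand in display.lower() or any(brand in label for label in labels):
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers, including the two addresses from the text.
    for header in ("support@paypal.com", "support@paypal.wb3.com",
                   "PayPal Support <billing@wb3.com>", "alice@example.org"):
        print(f"{header!r:40} -> {check_sender(header)}")
```
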
If you think you may have been a victim of this scam already,
make sure to go to the Permissions page of your Google account, revoke access
to the service “Google Docs” and then change your password.
This scam continues to claim victims from all over the world,
with college students and professionals receiving a large quantity of the
e-mails in question. As always, make sure to stay vigilant and give every
suspicious e-mail the scrutiny it deserves. This way you can avoid this latest
scam and the other copycat ones that will no doubt follow it.
Remember – the best cyber security tool is common sense!