Scam Alert! Google Doc Phishing Email Could Compromise Everything Linked to Google Account
John Biglin, CEO | May 4, 2017
What You Need to Know:
- A very convincing phishing campaign is making the rounds masquerading as a Google Docs invitation.
- If you click the link, you can revoke the access it grants through Gmail Account Settings.
- Google is currently working on blacklisting all of the domains in use and will be updating the public periodically.
There is a new phishing campaign spreading at amazing speed that imitates an invitation to view a shared Google Doc. First things first: If you see this in your inbox, do not click on any of the links and DELETE THE EMAIL IMMEDIATELY, even if it is coming from someone you know.
When you click the link in this convincing, malicious email, you are redirected to a page saying, “Google Docs would like to read, send and delete emails, as well as access to your contacts,” followed by an “Allow” button. Clicking “Allow” gives the hacker access to your account without needing your password, and it bypasses two-factor authentication. Note: A genuine Google Docs invitation would never redirect you to a permissions request.
Once in your account, hackers start automatically forwarding the same phishing email to your entire contact list, but with you as the “sharer” of the Google Doc, spreading the campaign quickly and efficiently.
What Can Be Compromised?
You may not even realize it, but many of your email addresses and online accounts are interconnected. When you set a “recovery” email address for a service, that account becomes linked to the address. These hackers are taking advantage of this: they not only have access to your Google account, but could possibly gain access to other online accounts, including your social media, Apple and Microsoft accounts. Anything associated with your Google account could be compromised.
How to Revoke Permissions
If you happen to click on the link, there is a way to reverse the actions. Follow these steps immediately to stop the hacker’s access to your account:
1. Sign in to your Gmail account permissions setting at https://myaccount.google.com
2. In the left-hand navigation, click Connected Apps & Sites
3. Click “Manage Apps”
4. When you click on “Google Docs” from the list, a drop down will appear. Click the “Remove” button to revoke permissions
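For an administrator who has to run the same check across many accounts, the sketch below flags third-party app grants that match the lure described above: a Google-branded app name combined with mail or contacts access. It is an added example, not part of the original article; the record fields follow the shape of the Admin SDK Directory API "tokens" resource, while the brand-word heuristic, the `trusted_client_ids` parameter and all sample values are assumptions constructed for illustration.

```python
# Added example: flag OAuth grants that look like the "Google Docs" lure.
# Record fields (clientId, displayText, scopes, userKey) follow the shape of
# the Admin SDK Directory API "tokens" resource; all values are constructed.

MAIL_SCOPE = "https://mail.google.com/"            # read, send and delete mail
CONTACTS_SCOPE = "https://www.googleapis.com/auth/contacts"
BRAND_WORDS = ("google", "gmail")                  # assumption: names treated as impersonation

SAMPLE_GRANTS = [  # constructed sample data
    {"userKey": "alice@example.com", "clientId": "1111.apps.example",
     "displayText": "Google Docs", "scopes": [MAIL_SCOPE, CONTACTS_SCOPE]},
    {"userKey": "alice@example.com", "clientId": "2222.apps.example",
     "displayText": "Calendar Sync Tool",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"userKey": "bob@example.com", "clientId": "3333.apps.example",
     "displayText": "Mail Merge Helper", "scopes": [MAIL_SCOPE]},
    {"userKey": "carol@example.com", "clientId": "1111.apps.example",
     "displayText": "Google  Docs ", "scopes": [CONTACTS_SCOPE, MAIL_SCOPE]},
]


def risky_scopes(grant):
    """Return the mailbox/contacts scopes held by this grant."""
    return sorted(set(grant.get("scopes", [])) & {MAIL_SCOPE, CONTACTS_SCOPE})


def uses_google_name(grant):
    """True when the app's display name borrows a Google brand word."""
    name = " ".join(grant.get("displayText", "").lower().split())
    return any(word in name for word in BRAND_WORDS)


def find_suspect_grants(grants, trusted_client_ids=()):
    """Grants to review: Google-branded name plus mail or contacts access."""
    suspects = []
    for g in grants:
        if g.get("clientId") in trusted_client_ids:
            continue  # hypothetical allowlist of apps the organisation has vetted
        scopes = risky_scopes(g)
        if scopes and uses_google_name(g):
            suspects.append((g["userKey"], g["clientId"], scopes))
    return suspects


def affected_users(grants, trusted_client_ids=()):
    """Accounts whose app access needs revoking, de-duplicated and sorted."""
    return sorted({u for u, _, _ in find_suspect_grants(grants, trusted_client_ids)})
```

Each account returned by `affected_users` still needs the grant removed, for example by following the four steps above for that user.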
What is Google Doing?
The malicious apps used in this campaign are being blacklisted by Google. Earlier today they tweeted:
“We are investigating a phishing email that appears as Google Docs. We encourage you to not click through & report as phishing within Gmail.”