If you receive an email message with an invitation to share a Google Doc, beware! Cybercriminals have sent seemingly innocent messages in a phishing scam that works like this:
Security Alert – Be Careful With Google Docs
Fortunately, Google acted quickly to disable this scam after it got started. However, it's best to know how to stay safe in case it resurfaces. Here are some tips:
- You receive a message inviting you to open a Google Doc, possibly from someone you know.
- There may be some things off about the email, such as the "To" or "From" address. If you don't notice that and click the link to view the doc, you are taken to a screen to choose which Gmail account to view it with.
- The screen looks exactly like the one you normally see and even appears on a google.com URL.
- When you choose the account to use, you are taken to another screen to give permission to an application called "Google Docs," which is not a valid Google app.
- Once you give that permission, your Gmail addresses are used to send the fake mail to all your contacts, giving the scammers access to logon credentials in the process.
- Go to the permissions page within your Google account and check to see if an app called Google Docs has access. If it does, select "remove." In addition, make sure you have two-factor authentication turned on.
- Update passwords regularly and immediately change your password on an account that may have been compromised.
If you get an email similar to those described above, delete it immediately.
- Be very careful when opening all attachments, especially if they're not expected. Check the "To" and "From" addresses, and look for other signs of trickery including many typos in the body of the message.
- When in doubt, contact the sender through another method (such as text) to verify they sent you an attachment.
- Consider using the site haveibeenpwned.com to find out if your email account has been compromised in a data breach.
©2017 Cornerstone Group
Trademarks: All brand names and product names used in here are
trade names, service marks, trademarks or registered trademarks of their