As reported by Scamicide, the ruse is a simple two-pronged approach, but it’s deadly. It works like this:
1) You, trusting soul that you are, get an email that asks you to click on a link to open up a Google Docs file. If you do, you then give a hacker complete access to all your emails. But even worse, your contact list is also compromised, which gives the hacker a whole new pond to phish in by sending out emails that look like they’re from you;
2) When the folks on your contact list get that email, they see a link that “you” say they should click on. When they do, keystroke-logging malware is installed which, in turn, can lead to identity theft or ransomware.
What to be on the lookout for
The default verbiage in the phishing email typically says something like, “Alan sent you a Document via Google Docs Apps,” followed by a box containing the Google and Norton Security (an Authorized Partner) logos. It also contains this message: “this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.”
“It is important to remember that it is very simple for a scammer to include the Google logo and a logo for Norton Security (an Authorized Partner), so you can’t trust an email merely because it carries such logos,” warned Scamicide’s Steven Wiseman, Esq.
“A strong indication that this email was a phishing scam was that the address from which it was sent was the email address of an individual who had no connection to Google Docs.”
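The two warning signs described above (a sender with no connection to Google, and a self-asserted "scanned and clean" footer) can be checked mechanically. The following is an added example, not part of the original article; the sample message is constructed, and the rule that genuine Google notifications come from a google.com address is an assumption.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample modelled on the lure wording quoted in the article.
SAMPLE = """\
From: Alan Example <alan@personal-mail.example>
To: you@example.org
Subject: Alan sent you a Document via Google Docs Apps
Content-Type: text/plain; charset=utf-8

Alan sent you a Document via Google Docs Apps
Open: http://docs.example.net/view

This message has been scanned for viruses and dangerous content by
MailScanner, and is believed to be clean.
"""

# Assumption: real Google notifications are sent from google.com addresses.
TRUSTED_DOMAINS = ("google.com",)
FOOTER_PHRASES = ("scanned for viruses", "believed to be clean")

def sender_domain(msg) -> str:
    """Return the lower-cased domain of the From: address ('' if absent)."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()

def triage(raw: str) -> list[str]:
    """Return the warning signs found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = str(msg.get("Subject", "")) + "\n" + (body.get_content() if body else "")
    text = " ".join(text.lower().split())  # collapse line wraps
    domain = sender_domain(msg)
    trusted = any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)
    findings = []
    # The message invokes Google Docs but the sender is not Google.
    if "google docs" in text and not trusted:
        findings.append("sender-domain-mismatch")
    # A footer claiming the mail is clean is written by the sender, so it
    # is evidence of nothing; on an untrusted sender it is a lure marker.
    if not trusted and all(p in text for p in FOOTER_PHRASES):
        findings.append("self-asserted-scan-footer")
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A message that trips either check should be verified with the apparent sender through another channel before any link in it is opened.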
Vigilance continues to be key
Barely a day goes by that ConsumerAffairs doesn’t see a scam rolling across our desks. Scammers are resourceful and continue to leverage anything they can get their hands on into a cyber heist.
If you’re wondering “why Google Docs,” it’s pretty simple. With nearly 30 percent of everyone in the world using Google Docs on a daily basis, scammers figure that opening a Doc attachment is something that’s pretty normal for folks who work online.
About the only thing that is going to beat a scammer at their game is vigilance. Wiseman adds some Google-specific suggestions that consumers would be wise to read:
Before you click on links or download attachments, verify that the email is legitimate, regardless of where it appears to originate.
Use two-factor authentication. “Even people who fell for this scam would be safe if they used dual factor authentication for their Gmail account, which would prevent someone who had your password from accessing your account,” Wiseman stated. “With dual factor authentication, when you go to access your account a special code is sent to your cell phone if the request to access your account comes from a different computer or device than you generally use.”
Unfortunately, two-factor authentication isn’t something the average consumer uses. Although it does take one extra step to confirm the validity of something like a Google Doc, the effort is well worth the time. You can sign up for Google’s dual factor authentication by clicking here.