Were You Affected By the Google Docs Phishing Scam?
May 04, 2017
You probably have heard by now, if you weren’t a victim yourself, of the phishing scam that went viral via Google Docs yesterday. Targeting Google’s estimated 1 billion users worldwide, the hack sought to gain control of users email histories and spread to their entire contact list. The worm, which came in the form of an email from a contact, asked users to open an attached Google Docs file. Clicking on the link took them to an authentic Google security page where they were then asked to give permission for the fake app to manage users’ entire email account.
Very clever, and unfortunately, very common. Not all go viral, however, which is what has made the Google Docs scam so big.
It’s too early to know the magnitude of the damage or what type of info the attack gathered. Google said that it disabled the problematic accounts (only 0.1% of all Gmail accounts were affected), but if you have a Google account, it’s still a good idea to take some basic action. Here’s what you should do:
1) Change your password. Go to your Google Sign In page and choose a strong password, one that ideally uses a mixture of upper and lowercase letters, numbers and symbols.
2) Turn on Two-Step Verification. You can do this on your Google Sign in page under “Password & Sign-In Method.” This will add an extra layer of security by requiring a password or number sent to your phone or another email address. I recommend that all of your devices require Two-Step Verification.
3) Google offers a Security Check Up feature that does a quick run-through of your settings. If you see anything fishy (or phishy), you can take action.
4) To learn more about how to protect yourself and your company from phishing attacks, read our Phishing for an Unwitting Accomplice whitepaper.
These types of scams aren’t going away – in fact, they’re only getting more frequent. Knowing what to do to keep your information safe and minimize risk is now the responsibility of everyone at the user level.