Do you use Google Docs? Then you know it’s a great way to collaborate on files with friends and co-workers. While lacking some advanced features, it’s an excellent free tool to share your work. Anytime you share a file, the recipient gets an email with a hyperlink for logging in to their Google account to access, view, and edit the file. So far, so good, but a new phishing scheme manages to recreate this entire process nearly flawlessly, making it very, very dangerous.
In this phishing attempt, you receive an email from a legitimate-looking contact (even.gov addresses have been reported) saying a Google Doc has been shared. If you click the link, you see a very real looking accounts.google.com address, asking which of your Google accounts you would like to log in with. If you type your password or allow “Google Docs” access to your account, the hackers gain access. Your emails, calendar, and contacts are at risk.
In terms of recovering your account, we’re not sure what can be done just yet. This phishing scam is roughly 48 hours old, so we don’t yet know how bad the damage is. If this happens to you, first thing’s first, reset all of your passwords—all of them. Even those not related to Google. Next, let your contacts know what happened so they aren’t attacked as well. Finally, clean your machine with a virus scanner. Google says the intent of this scam is stealing credentials, not installing malware, but it’s better to be safe than sorry.
How can you spot emails like this? Stop and look at the sending address. It may be labeled with a legitimate-looking address, but it looks like most of these emails have an actual address using “@mailnator.com.” The second, and most obvious thing? Ignore any emails sent about a Google Doc that you’re not expecting.
Until there’s a better handle on this phishing attempt, if you receive an email about sharing a Google Docs file, delete it. If it’s a real person sending a file, you’ll hear about it some other way. Stay vigilant!
703.715.4960 Tech Support