The Google Docs phishing attempt is almost impossible to differentiate from a real Google request if you don’t know the warning signs. With this latest scheme on the rise, it’s critical to verify that your employees’ information hasn’t been compromised.
What does this scam look like?
This scam has had a serious impact because it’s difficult to spot, even with a trained eye. The email seems like a perfectly legitimate alert that someone wants you to view a Google document.
The biggest red flag is not recognizing the name of the person who is sharing the document. However, there are reported cases of the name being someone from the recipient’s contacts. Always err on the side of caution and assume it isn’t a safe link until the person on the other end can confirm that they initiated the alert. In instances like this one, it is best to verify the legitimacy of the email by phone rather than by email.
Below is an example of a legitimate alert with the name of the document included in the email:
Google has responded to this epidemic with great force and is working to disable the scammer accounts and push updates through Safe Browsing. They also encourage users who see these emails to report them immediately:
Source: Twitter.com user Gmail
What can I do if I clicked?
Information has already started flowing into the hands of the scammers, but there are steps you can take to push unwanted visitors out of your account.
The most important step is to revoke all privileges to the scammer’s account. You can do this by going to https://myaccount.google.com/permissions > Revoke Access to Google Docs > Choose the Contact and Drive.
After this step, it’s important to change your passwords to something new that you’ve never used before for any of your online accounts. The best way is to randomly generate a secure password and, if you’re dealing with sensitive information, implement Multi-Factor Authentication.
If you still feel like your system or information is at risk, contact us for an assessment and specific, result-based feedback.
How do I keep scams like this from impacting my business?
Because these emails are slipping through spam filters, you have to rely on the people receiving them to know the red flags. With End User Security Awareness training, your employees will be better equipped to recognize these advanced threats.
AtNetShield includes testing and training your employees, which has shown dramatic results. On average, the rate of employees who fell for phishing attempts dropped from 15.9% down to 1.2% in only 12 months.
Contact us today to find out how to help your employees learn when not to click.