If you receive a Google Doc link in your inbox, check it carefully before you click – even if it looks like it came from an email address you trust. There’s a wide-spread phishing scam impersonating a Google Docs request. It tricks users into granting permissions to a third-party application. While Google has taken steps to neutralize this particular phish, users should be cautious.
This is how it works…You receive an email from someone who has added to you to a Google Doc with a link to view it. Clicking the link takes you to a legitimate account screen, listing all the Google accounts you’re logged into. From there, you choose one to use for viewing the document or you if not logged in, you are prompted to log in. The malicious document asks for privileges to access your account, your contacts, your passwords, your e-mails, and more.
If you have already clicked this type of link, go to the Permissions page of your Google account and revoke access to a service called “Google Docs” and then change your password.
To protect yourself in the future, Google offers a tool called “Password Alert” that warns you if you type your Google account credentials into any web page not belonging to Google. Always take a few seconds to look for suspicious content in e-mails before clicking.
Want to learn more about how to protect against increasingly sophisticated phishing attacks? Call ISD and ask about our Cyber Security Suite.