Over the past few days you have probably heard about the new phishing scam that tricked people into entering their Google login information on a fake Google Docs sign-in page. If not, here are a couple of great articles from The Huffington Post and Gizmodo that really help explain the scam.
This scam was a tricky one because of how difficult it was to identify. A person would receive an email with the subject line “Documents”. When they opened it, they were given a link to click on, which took them to a page to log in to their Google Drive account.
Google has recently released a statement saying that they have taken care of this scam and removed the fake pages, but that if users are worried that they may have fallen victim to the scam they should immediately change their password.
The tricky thing about this scam is how much the fake login page looked like the real one. In fact, if you were to put the two side-by-side, it is almost impossible to tell the two of them apart. The scammers were able to do this because they were actually using Google’s servers. They signed up on Google, and created a real folder with a document on their Google Drive account. Then, by marking this document as “public”, and using the preview feature, they were able to get a URL they could send out in an email.
Once a user entered their information on the fake login page, the scammers were able to get access to it. This means they had access to your Google information, and were able to do things with your account, like purchase things through Google Play, change information, and post as if they were you on your Google+ page.
While this was a difficult scam to identify, there were a couple of red flags:
The email address and subject line
If you were not expecting someone to share a Google Document with you, there is no need to open the email or log in to a Google account to see a document someone has apparently shared with you. This applies most of all if you don’t recognize the email address.
The login page
The majority of people won’t usually log out of their Google accounts; they will just keep them running. Occasionally, when you try to access something like Google Documents, it will ask you to enter your password again. But when this happens, the sign-in page usually has your picture and email address for the account already entered and showing on the login screen. If you are someone who keeps your Google account signed in and you were taken to a blank login screen, chances are it was a scam.
Scams today are getting harder and harder to identify. That is why it is so important to make sure that we all stay extra vigilant when it comes to clicking on links and opening emails.
Some key guidelines to follow:
- If you don’t know who it’s from, don’t open the email.
- If you are at all skeptical about the link, don’t click on it.
- If you receive a personal email (such as a shared Google Doc) that you were not expecting, don’t open it. Call up the sender to confirm, or if you don’t recognize the sender, delete the email.
- Make sure to change your passwords regularly. Try not to keep a password longer than 6 months.
- Don’t use the same password for all your accounts. If hackers figure out one password, you don’t want them to have access to multiple accounts.
- When in doubt, better safe than sorry. It is better to delete an email than risk a virus or having your information stolen.
Remember too, you can always call up your IT support. They are there to help you.