Warning, Google Docs hit with phishing attack. On Wednesday, several users found themselves the victim of a convincing phishing attack. The attack was designed to look like an invitation to view and edit a Google Doc, and is designed to steal your Google credentials and spread through your contacts.
Not only does the email look convincing, it’s also often coming from a contact you already know. Even worse, the link takes you to a Google.com URL with a legitimate-looking login screen. However, once you log in with your Google credentials, whoever is behind the attack will have full access to your account.
Once it has them, it sends the same email to your contact list in an attempt to propagate itself. This attack is well-crafted, to the point where the easiest way to catch it before getting snared is to click the small link on the page that Google hosts to check the developer’s information. Since the attack utilizes legitimate Google account functions, however, who would think to check?
Whenever you get an unsolicited email with links or attachments, it’s critical to think before you click!
Fortunately, Google was able to apparently put the kibosh on this attack within an hour of taking action, but there’s still no indication of who was responsible for this attack or if/when they will strike again. Many individuals check their emails throughout the day, so even if a phishing attack is up for just an hour, it can still reach a lot of individuals. Therefore, it is important to understand how to avoid falling victim to emails like this in general.
First, if there’s ever any doubt of an email’s validity, check out some of the indicators that tend to go overlooked. This attack in particular had some oddities. For example, the email was addressed to “firstname.lastname@example.org.” Secondly, if an email is unexpected, it never hurts to confirm its validity with the sender through an alternate method of communication, especially if the sender is asking you to click on links that will lead you out of your email.
To protect your business, you need to be sure that your staff understands that threats like this could be a major problem. In the meantime, be sure to keep your eyes out for more email-based phishing scams and other threats. If you do come across questionable messages, don’t hesitate to report it immediately, so that everyone on your team becomes cognizant of the threat. Training your employees in things to look for with phishing attacks as well as sending out random practice ones can be really useful for your business’s safety.
Next time you see a headline like, “Google Docs hit with a phishing attack,” we hope you can now be more informed. For more information about phishing scams, social engineering tactics, and other attempts to infiltrate your network, check out our information security page, blogs on the topic, and contact the IT professionals at Symmetric IT Group at (813) 749-0895 today. Worried about phishing attacks and want to know if you currently have a hacker hiding in your system? We can run a free security audit today.