Phishing Examples: Google Docs Scam

Friends of Compass,

On this blog, phishing examples are nothing new. But, it is our job to share this information with you so that you stay alert, know what the threats are, and what you can do in the event you fall victim to an attack.

You may have seen the recent reports of a Phishing scam involving Google docs currently making it’s rounds. To ensure your safety and spread awareness we’ve provided a brief outline for you and your staff detailing what to be on the lookout for and what should do in the event you’ve already clicked the bait. 

 What to watch out for (See image below):

• Invitation via email to edit a Google Doc (likely from one of your contacts)
• The mail is sent with a fake email address in the TO field (from an @mailinator.com address) with the true recipients BCC'd.
• The link will take you to a Google Docs security page asking for permission to your account.

What to do if you’ve clicked the link:

• Immediately change your password.
• Go to https://myaccount.google.com/permissions (you can type the URL in to your browser for safety) and click the "REMOVE" button next to “Google Docs”
• "Google Docs" is actually a 3rd party application impersonating the true Google Docs.
• By providing permission to this impostor app, you are granting the application the ability to access your account and read your mail.

The moral of the story is don't click the link. However, this is easier said than done, especially when the email looks legit and might even come from someone you know. If you get an email and it seems suspicious, confirm with the sender (if you know them) that they in fact sent you the email. If they didn't, that is a HUGE red flag and don't click the link! If it is from someone you don't know, just don't click the link. Resist the temptation as the only thing that you are missing out on is a bunch of trouble!