Check before you open that Google Doc
Google has been in the news lately and not for any positive publicity. Google’s mail application, Gmail, is being used by an attacker in a phishing attack. If you are a user of Gmail, you may have received an email from someone you know asking you to open a Google Doc. Once you click on the fake Google Docs, you are asked to give permissions for the app to be able to “read, send, delete and manage email as well as manage contacts.” The app then spreads itself through your contacts and others.
While this attack may not seem too major, consider how John Podesta’s emails were hacked. While we may not be working for the Democratic National Committee, we do use our email addresses for forgotten passwords for our online bank accounts, social media, and shopping sites.
Google has claimed to block the attack through the “removal of fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems,” but users should still be vigilant in protecting themselves. Google claims that only 0.1 percent of users were affected by the attack, but with Google having a billion Gmail users, that adds up to one million Gmail users.
Being Network Literate means that users are constantly protecting themselves in a digital environment. One way to be proactive is to always look at who the email is addressed to. In the Google case mentioned, the email was addressed to firstname.lastname@example.org. OneOp recently blogged about additional steps you should take to protect yourself from phishing. Additionally, users should use the Google Security Checkup to review their security settings and activity, and finally report phishing emails in Gmail.
Although these security checkups are mainly in response to the latest Gmail attack, users on other platforms should become even more vigilant, as copycats will probably attack other systems.
This post was published on the OneOp blog on May 5, 2017.
This work is licensed under a Creative Commons Attribution 3.0 Unported License.