Google has issued a warning to look out for a phishing email that asks Gmail users to click on a Google Docs link. This provides an opportunity for hackers to access the user’s account which includes their email, online documents, and contacts. The hackers could possibly be using these accounts to reset passwords for sensitive financial and personal data, such as online banking accounts.
The phishing email is extremely sophisticated in that the email link looks realistic and trustworthy as it appears to come from someone from a user’s contact list. Furthermore, if a user clicks on the link, it will reproduce itself hundreds of times so that it can be sent out to all the user’s contacts.
Google is disabling offending accounts and removing malicious pages to protect users from further phishing attacks. On Wednesday, May 3rd, the company tweeted, “We are investigating a phishing email that appears as Google Docs. We encourage you to not click through & report as phishing within Gmail.”
What you can do
If you receive an email requesting to view a Google document, check the main recipient field for one key giveaway of this phishing attack: firstname.lastname@example.org.
If you receive an email with “mailinator.com” as the main recipient, report it as a phishing attempt and then delete the email.
If you do click on the phishing link, do not grant permission to connect to your Gmail account when it prompts for it.
Looking to educate your staff on identifying phishing emails? Contact BSC Solutions Group today to learn about our Phishing Security Testing & Training Service.