Pinterest Stumbleupon Whatsapp
Advertisement

You get a link to a Google Doc. You click it, then sign in to your Google account. Seems safe enough, right?

Wrong, apparently. A sophisticated phishing setup is teaching the world yet another lesson about online security.

What is phishing, and how do scammers use it? What Exactly Is Phishing & What Techniques Are Scammers Using? What Exactly Is Phishing & What Techniques Are Scammers Using? I’ve never been a fan of fishing, myself. This is mostly because of an early expedition where my cousin managed to catch two fish while I caught zip. Similar to real-life fishing, phishing scams aren’t... Read More Basically, phishing means getting users to voluntarily type their username and password, often by using a false login page. Such pages are usually easy to spot for net-savvy users, but this recent example of phishing is noteworthy for how realistic the login page looked. It could have fooled just about anyone, and had a Google URL.

phishing-login-image

Here’s how it worked: victims got emails with the subject line “Documents.” The email itself contained what looked to be a link to the a Google Doc – complete with an actual “Google.com” domain – and pointed users to what looks like a legitimate Google login screen.

It’s not uncommon for users to need to sign in before seeing a Google Doc, so many dutifully typed their passwords. They were re-directed to an actual Google Doc, but their username and password weren’t used by Google: criminals recorded them instead.

Advertisement

Google claims all such pages have since been taken down, but it’s still worth being vigilant. Don’t click links to Google Docs if you’re not sure of the sender. If you must, check that you’re logged into Google Docs before clicking through the link.

phishing-scam-google-docs

That will only protect you from this one incident, though, which brings us to the scary thing about this: it’s becoming harder and harder to advise people about security. We’ve previously outlined four ways to avoid phishing scams 4 General Methods You Can Use To Detect Phishing Attacks 4 General Methods You Can Use To Detect Phishing Attacks A "phish" is a term for a scam website that tries to look like a site that you know might well and visit often. The act of all these sites trying to steal your account... Read More , and it’s not altogether clear any of them would have helped in this case.

Google advises you change your password if you suspect you’re a victim. While you’re at it, we recommend you also lock down your accounts with two-factor authentication Lock Down These Services Now With Two-Factor Authentication Lock Down These Services Now With Two-Factor Authentication Two-factor authentication is the smart way to protect your online accounts. Let's take a look at few of the services you can lock-down with better security. Read More . With that turned on, getting your password won’t be enough for criminals to access your account – they’ll also need your phone.

Source: Symantec.com

Leave a Reply

Your email address will not be published. Required fields are marked *