Google Docs Scam: Identifying and Eliminating the Problem


Many of you may be aware of the recent Google Docs scam emails that have been circulating, coming from various people that you know. Here's a guide on identifying


How To Identify the Scam Email

You will see an email from someone you’ve had correspondence with (and in many cases know well) with a subject line stating that a document has been shared on Google Docs (example: John Smith has shared a document on Google Docs with you). You will not see your own email address because it is in the BCC field; however, you will see the email address hhhhhhhhhhhhhhhh(AT)mailinator.com appear.



The message will contain a link saying Open in Docs. Do not click this. If for some reason you do, you will be prompted to sign into your Google account if you are not already signed in. Afterward, you will be prompted to give “Google Docs” permission to access your email and contacts.



Clicking the info button (the “i” inside of the circle) will show developer information that contains a random Gmail account. Do NOT click the Allow button, as it will send the scam message to your contacts. While the adversaries do not have your password, they will have access to read emails in your account as well as to send emails from it without the need for any sort of security check (both passwords and two-factor authentication get bypassed).
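The header indicators described above (the subject wording, a mailinator.com address in the To field, and delivery via BCC) can be checked mechanically on a raw message. This is an added example, not part of the original article; the function names, the sample messages and the rule of requiring the subject plus one header anomaly are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Subject wording the article describes for the scam email.
SUBJECT_RE = re.compile(r"has shared a document on Google Docs with you", re.I)
DISPOSABLE_DOMAINS = {"mailinator.com"}  # domain shown in the To field of the scam email

def scam_indicators(raw_message, mailbox):
    """Return which of the article's indicators this message matches."""
    msg = message_from_string(raw_message)
    hits = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        hits.append("subject")
    visible = [addr.lower() for _, addr in
               getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    if any(a.rpartition("@")[2] in DISPOSABLE_DOMAINS for a in visible):
        hits.append("disposable-to")
    # Delivered to this mailbox but absent from To/Cc: it arrived via BCC.
    if mailbox.lower() not in visible:
        hits.append("bcc-delivery")
    return hits

def is_likely_scam(raw_message, mailbox):
    # BCC delivery alone is common (newsletters), and the subject alone can be
    # a genuine share, so require the subject plus at least one header anomaly.
    hits = scam_indicators(raw_message, mailbox)
    return "subject" in hits and len(hits) >= 2

# Constructed sample messages (not real captures).
SCAM = """From: John Smith <john.smith@example.com>
To: hhhhhhhhhhhhhhhh@mailinator.com
Subject: John Smith has shared a document on Google Docs with you

John Smith has invited you to view a document. Open in Docs
"""
DIRECT_SHARE = """From: John Smith <john.smith@example.com>
To: alice@example.org
Subject: John Smith has shared a document on Google Docs with you

John Smith has invited you to view a document.
"""

if __name__ == "__main__":
    for name, raw in (("scam", SCAM), ("direct share", DIRECT_SHARE)):
        print(name, scam_indicators(raw, "alice@example.org"),
              is_likely_scam(raw, "alice@example.org"))
```

A match is a reason to quarantine and inspect the message, not proof on its own; the consent screen's developer information remains the check the article relies on.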



How do I know if I’ve been affected?

If you clicked the Allow button, then you’re affected. You may also have heard back from acquaintances, friends, and family by now. Another way to know is to check your Sent messages and see if any strange emails have been sent.


How do I fix the problem?

Go to the Permissions section of your Google account at https://myaccount.google.com/permissions to see the apps that have access to your account. Click the one that says “Google Docs”, then click the Remove button. (In this screenshot you will see WhatsApp because it is an app that was given permissions from an Android phone.) Optionally, you can change your password (even though the adversary never received it), as it is a good security practice to change passwords periodically. Also, please be sure to check your sent mail for the scam email. Alert the recipients not to open the email and to delete it right away, and let them know what happened.


Author: masnrock