Solved

Link in an incoming email connects to Google instead of the document it's supposed to reach

Posted on 2014-03-15
19
320 Views
Last Modified: 2014-03-26
I'm a journalist accredited by the British Medical Journal.

They send me emails with links to recent medical articles.

In a recent email of theirs when I click the reference to a particular article, my browser opens with an invitation from Google for me to log on or to sign up.

What's the problem and what should I do to stop it happening, please?

Gordon
0
Comment
Question by:Gordon_Atherley
  • 8
  • 4
  • 3
  • +3
19 Comments
 
LVL 12

Expert Comment

by:Imtiaz Hasham
Comment Utility
Does it link to something similar to Google Docs?

You can send us the first part of the link for us to verify this.
0
 
LVL 44

Accepted Solution

by:
Darr247 earned 167 total points
Comment Utility
What email client are you using?
Outlook?  Thunderbird?  Mac Mail?

One thing you can do is 'float' the cursor over the link and check in the Status bar along the bottom to see if the actual URL of the link matches what the hyperlinked text says.
e.g. This link says it's to http://yahoo.com but it really points to Google News.
0
 
LVL 29

Assisted Solution

by:Olaf Doschke
Olaf Doschke earned 84 total points
Comment Utility
It might be a link to a document in a google drive, too.

Why don't you ask the sender? He may have wanted to share a google driver folder with you that needs you to authenticate. Another possibliity is to share documents public, but that may not be a solution with something under copyright, as a medical journal article.

But anyway, your sender should know what he/she intended.

Bye, Olaf.
0
 

Author Comment

by:Gordon_Atherley
Comment Utility
Thanks, all

1. I've notified the sender, and I'll post the gist of the reply when I get it.
2. I'm using Outlook 2013 with W7.
3. On floating the mouse over the link in the sender's email, I see this string

https://mail.google.com/mail/u/0/?  ... title of the article

4. would it still be useful if I attached a file with the link?
0
 
LVL 44

Assisted Solution

by:Darr247
Darr247 earned 167 total points
Comment Utility
I suspect if you didn't have a google account, it would just show you the article. The page is seeing a google cookie in your browser, so it wants you to logon.

I see the same thing happen on microsoft.com all the time. An ordinary link to a TechNet article here on EE forces me to logon with my passport.com address in order to view the content in my default browser (IE10), but if I paste the link into chrome or firefox it takes me to the content without having to logon.
0
 
LVL 29

Expert Comment

by:Olaf Doschke
Comment Utility
That link is very useful. The sender is sending from a gmail (google mail) account? It seems he has linked to another mail in his in or outbox. That link works for him, but not for you.

So this is not about google drive or google docs.

He should forward you that mail, not a link to the mail, because otherwise you'd need his password for his mail account.

Google does recognize you are not authenticated and therefore invites you to create a gmail account. Even if you would do that, you would never get to that mail.

Bye, Olaf.
0
 

Author Comment

by:Gordon_Atherley
Comment Utility
Thanks, Olaf

I'll report back as soon as I have the report from the sender, the BMJ.
0
 
LVL 38

Assisted Solution

by:BillDL
BillDL earned 166 total points
Comment Utility
Hello Gordon

I am wondering whether the staff member at the BMJ is simply using the browser's menu with an email open in GMail and is choosing one of the following options:
Internet Explorer: File menu > Send > Link by Email
Mozilla Firefox: File > Email Link
Google Chrome: Not sure.  No menus but possibly a keyboard shortcut. Don't use Chrome any more.

Normally this will open the default mail client (which could actually be a new email within GMail in web view), take the the full Title of the web page, and add that as the new Subject.

I have checked out my own GMail account in Webmail view in Firefox, but with a message open the URL of the page is:
https://mail.google.com/mail/ui?#FolderName/UniqueAlphaNumericID
OR, if I change the parameters from "/ui?" to "/u/0?":
https://mail.google.com/mail/u/0/?#inbox/123abc456def789ab
and not:
https://mail.google.com/mail/u/0/?  ... title of the article

I don't have any plugins enabled in Firefox to open attachments within the actual browser window, my preference being to always prompt for a Save or Open and to open externally using the associated application, but I am wondering how the URL would be modified if the sender had an email attachment open (e.g. a PDF file) and used the aforesaid "send link by email" method.  I can't test this, and I'm not terribly keen on messing around with my own settings at this stage.

Have a look at the subject lines in the emails you have been receiving with the embedded links to see if there are any tell-tale signs of it having been formed from the web page's Title.
0
 

Author Comment

by:Gordon_Atherley
Comment Utility
Thanks, BillDL

I'm learning so much from this query.

I'll look at the subject lines as you suggest. And also get back when I hear from the sender.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:Gordon_Atherley
Comment Utility
No response yet from the sender.
0
 
LVL 38

Expert Comment

by:BillDL
Comment Utility
That's OK, it's not a "blue light" job ;-)
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 83 total points
Comment Utility
Not sure if it is related, but I just heard about this yesterday:

http://www.symantec.com/connect/blogs/google-docs-users-targeted-sophisticated-phishing-scam
0
 

Author Comment

by:Gordon_Atherley
Comment Utility
Thanks, giltjr

I'll try to find out if the Symantec warning applies in my instance.

I'm still waiting for a response from the send in the UK.
0
 

Author Comment

by:Gordon_Atherley
Comment Utility
I finally got through to the BMJ. They use Gorkana for these news releases, so my notification is going to there.
0
 
LVL 38

Assisted Solution

by:BillDL
BillDL earned 166 total points
Comment Utility
Thank you for the update Gordon. There was a time, in the not too distant past, when the company you made the enquiry with would instigate their own inquiry (on your behalf should the issue relate to another party) and respond to you with the results.  Unfortunately everything is now "farmed out" to third parties.

With regard to giltjr's notification (via a link to a symantec blog entry) that Google Docs links are being used as "phishing" scams by presenting a Google login to capture details, this is not a new scam and it relates to Google Docs rather than to Google Mail, but it may be relevant.

In the aforesaid blog entry, mention is made of the appearance of the login page:

"This login page will look familiar to many Google users, as it's used across Google's services. (The text below 'One account. All of Google.' mentions what service is being accessed, but this is a subtlety that many will not notice.)"

Given that the links you are being presented with in each email are for mail.google.com and not "docs", it is possible that there is no relationship, however the possibility cannot be discounted.

It would be interesting to know which of the Google services the login page tells you that it would access if you entered your credentials.  By example, here are the different login pages that I am shown for GMail and Google Docs.  You will see the detail more clearly by clicking them and opening the larger images.

GMAIL: Note the highlighted (or is that highlit?) areasGOOGLE DOCS: Note "docs" and "writely" in URLIf your login page is referencing Google Drive as the service and you see "docs" and/or "writely" in the Address Bar, then be very suspicious and DO NOT login.

Personally I wouldn't be logging in anyway, or at least until this issue is explained and/or resolved.

Could this be that you are reading the email as plain text, and that the link is actually back to some element in your own Gmail account that would be there if you were reading the email as HTML?
Was the email sent to your GMail address?  If not, then this wouldn't be applicable.

Just thinking aloud.  We'll wait until you get a result from Gorkana.
0
 

Author Comment

by:Gordon_Atherley
Comment Utility
BillDL and Everyone

No news yet from the BMJ. I'll post any updates that I receive. Meanwhile, with thanks to all, I'm going to close this question because I think that the discussion will be helpful to others.

I'm convinced that what I saw is a phishing scam, but I could be wrong.

Gordon
0
 
LVL 44

Expert Comment

by:Darr247
Comment Utility
Did you try right-clicking the link and choosing Copy Shortcut, then pasting that link into another browser like Chrome or Firefox as I alluded to in http:#a39932557 ?
0
 

Author Comment

by:Gordon_Atherley
Comment Utility
0
 
LVL 38

Expert Comment

by:BillDL
Comment Utility
Thank you Gordon.

Yes, that's a puzzling URL.  The fact that the target is "about.html" in the "help" folder seems odd.

With an email open while in GMail, this is the URL to my page:
https://mail.google.com/mail/?tab=wm#inbox/144ff11000280aba
so even if the person sending the email to you had created their own help folder, the URL to it wouldn't be as you provided.

The "help" page for Google mail is:
https://support.google.com/mail?hl=en-GB

An answer in their help pages has this type of URL:
http://support.google.com/mail/bin/answer.py?hl=en&answer=3114694#3114694

Something really strange, although not necessarily sinister, going on and I can't explain it.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now