Scam Alert! The Google Docs Phishing Scam has us in its cross hairs! We are constantly told that success goes hand in hand with all things Google. Now, here we are with a sophisticated phishing scam dealing with Google Gmail and Google Docs. Seems that some Google gmail received have a link to a Google Doc.
Experts warn that the email tells you that a user has shared a Google Doc with you and you are invited to view the document.
Do so at your own peril!
The app asks for permission to read, send, delete and manage your email, and also to manage your contacts.
The phish works because there is no malware involved and it tries to trick you into sharing your password via a legitimate logon page. Real Google accounts are used and the plugins developed by the phishers manipulate the reader through legitimate Google web pages. Yes, it works within Google itself!
The bottom line is this: the phishing app gains access to your gmail and address book! Can you
smell spell, S-P-A-M?
Google says the phish has now been blocked and the offending accounts have been removed. The only thing that remains may be unopened mail containing the phish. Heed the age-old adage: don’t open attachments from someone you are not 100% sure of!
Ways To Avoid The Google Docs Phishing Scam
Most of all, be vigilant and take note of the points below:
- Know who normally sends you email attachments. If you’re not sure, contact the sender by separate means and ask if they sent the attachment.
- The email will show a “To:” address of firstname.lastname@example.org, a sure giveaway. It may also contain other addressees BCC’d.
- Be wary of the extensive permissions the phish asks for! Google will never ask you for permissions to send and/or delete email!
- If you get one of these phishing emails, flag it by clicking the downward pointing arrow in the upper right hand of the email text. One of the options will be “Report Phishing.” Select that option to report it to Google.
Remember: Legitimate businesses and/or government agencies, including law enforcement, will NEVER send you an email asking you for personal information such as account numbers, PINs, social security numbers, etc.
What If I’ve Already Clicked On The Link?
Revoke any privileges you may have given! To do this, in Google go to My Account and to the Privileges section. This phishing app will show up as “Google Docs.” Select the option to Remove Permissions, then select OK.
Change your password! Again, CHANGE YOUR PASSWORD!
I recommend that you at least check out the free membership in Wealthy Affiliate. Free membership has the following benefits:
- Two free SiteRubix websites that includes daily backup.
- The best web hosting available with redundant servers.
- Free 10-lesson course in Online Entrepreneurship.
- Your own personal blog in the Wealthy Affiliate community.
- Seven day 1-on-1 coaching.
- Access to the affiliate program: earn while you learn!
- Access to video walk-throughs.
- Access to the Wealthy Affiliate keyword research tool.
Any thoughts about this latest scam? How does it make you feel to know that the scammers make use of the actual Google web pages? Leave me a comment below.