The Google phishing attack scam was first reported yesterday and takes the form of an email that purports to be from a friend, coming through Gmail and has a link to Google Docs.
In fact it is the work of a scammer who is using the attack to take control of the users GMail account and perhaps, in fact most likely, also access some if not all of their personal data. It is activated by the user clicking on the link in the email – anyone who has clicked on a Google Docs link recently could well be affected.
If you received an email like this but haven’t clicked the link…
First off it is best to make sure that you haven’t by remembering if you have clicked on any Google Docs links recently – if you have then its best to assume you have been affected and follow the steps laid out below.
If you are happy you haven’t, then the priority is to remain vigilant against the possibility of being caught. The first, and most obvious piece of advice is to be absolutely 100% certain that any Google Docs links you click on are legitimate – if needs be confirm with the sender first that it is a genuine email. Secondly ensure everyone you know is aware of this scam and the precautions they should be following to avoid being caught.
If you think you have clicked on a link in a scam email…
First off don’t worry too much – the effects of the scam can be big but it is fairly easy to undo most of the damage done – if you think you have been caught by the scam, follow these steps – there will be no harm done even if it turns out you were not hacked:
- Log in to your Google account’s My Accounts page and head over to the app permissions options, look for the “Connected Apps & Sites” area.
- You will be looking to remove the permissions for the innocent looking but sinister “Google Doc”
- If you find it and it has a recent authorised date then it’s likely you have been scammed, once you have kicked it out then control over you account should be at an end and invites can longer be sent from your account.
- It is also a good idea to change your Google Account password.
The after effects can continue , so it is as well to do something about preventing those too… if you use your Google account in a workplace or school/university, then the team in charge of the network or IT systems can ensure the organisation’s computers are safe. The attack has also targeted corporate email accounts using Google software as well as GMail accounts so inform them if they do not already know.
Next get in touch with anyone you think may have received the link from you and forward them this article to ensure that they can stay safe too.
If you own or run a business, then the chances are you have several if not many computers and laptops/smartphones and such like. This is a great time to do the following:
- Undertake a full security check on all your devices.
- Check all data to ensure it is secure and continually backed up, preferably off-site.
- Revise your policy on staff use of personal email & social media at work, if you haven’t got a policy, it’s time to put one together.
If you have any concerns about Computer Security or want to talk to us about anything else IT related, just call our team on 020 8325 5000 or contact us via e-mail at firstname.lastname@example.org
We look forward to working with you.
© Deep South IT 2017 www.deepsouth.co.uk