On Wednesday, several users found themselves the victim of a convincing phishing attack. The attack was designed to look like an invitation to view and edit a Google Doc, and is designed to steal your Google credentials and spread through your contacts.
Not only does the email look convincing, it’s also often coming from a contact you already know. Even worse, the link takes you to a Google.com URL with a legitimate-looking login screen. However, once you log in with your Google credentials, whoever is behind the attack will have full access to your account.
Once it has them, it sends the same email to your contact list in an attempt to propagate itself. This attack is well-crafted, to the point where the easiest way to catch it before getting snared is to click the small link on the page that Google hosts to check the developer’s information. Since the attack utilizes legitimate Google account functions, however, who would think to check?
Whenever you get an unsolicited email with links or attachments, it’s critical to think before you click!
Fortunately, Google was able to apparently put the kibosh on this attack within an hour of taking action, but there’s still no indication of who was responsible for this attack or if/when they will strike again. Therefore, it is important to understand how to avoid falling victim to emails like this in general.
First, if there’s ever any doubt of an email’s validity, check out some of the indicators that tend to go overlooked. This attack in particular had some oddities--for example, the email was addressed to “.” Secondly, if an email is unexpected, it never hurts to confirm its validity with the sender through an alternate method of communication.
To protect your business, you need to be sure that your staff understands that threats like this could be a major problem. In the meantime, be sure to keep your eyes out for more email-based phishing scams and other threats. If you do come across questionable messages, don’t hesitate to report it immediately, so that everyone on your team becomes cognizant of the threat.
For more information about phishing scams, social engineering tactics, and other attempts to infiltrate your network, contact the IT professionals at Sagacent at (408) 248-9800 today.