Sharing Google documents or another phishing attack?

Posted on Categories Security

What happened?

The afternoon of May 3 saw a widespread phishing attack across the internet.  The phishing attack is an email that looks like a Google document sharing request as shown below.

It is a convincing phish but note the odd To: address.  That should be a warning sign that something is off.  In some cases people recognized the name of the person but perhaps it was spelled slightly wrong.  That’s another warning sign.

The link, which you should not click on, takes you to a page that appears to request access to your Google account.  Real Google docs do not need this access.  Once you grant access they will try to send more messages using your account to your contact list.

What can I do?

First, if you clicked the link you should change your password on Inside Augsburg.  This is true for any phishing email that has fooled you into clicking on a link.

Second, and more importantly this time, is you need to review all connected Applications and Websites connected to your Google account.  The phish has tricked you into giving their application access to your Google account.  You do not want that.

This is done in three quick steps.

  1. Visit https://accounts.google.com
  2. Under Sign-in & Security pick Connected apps & sites
  3. Click MANAGE APPS and review and remove any sites or apps that you do not recognize.  This phish shows up as “Google Docs” which is very tricky.  If you see that listed, remove it.

 

How can I learn more about information security?

We have a broad information security self-paced course in moodle that anyone at Augsburg can complete to improve their information security awareness skills.  The course has about 35 minutes of short videos (closed captioned, no sound required).  You can find it in moodle community at the following address https://moodle.augsburg.edu/moodlecommunity/course/view.php?id=946.