Earlier this month a Google Docs phishing attack hit inboxes like a tidal wave. The scam used Google Docs links and convinced those who clicked to log into their Google account and grant the scammers access. Because the email linked to Google’s own sign-in page, the scam was difficult to recognize. While Google ultimately shut down this threat, the sophisticated nature of the attack and its rapid spread illustrate the complexity and danger of phishing. It is vital to exercise caution before clicking links in your inbox. Here are some useful tips for spotting phishing scams and protecting your personal information.
- Pause and think before clicking a link or downloading an attachment. Phishing scams rely on users moving quickly through their inbox. It is important to stop and review emails and links before you click, download or reply. Were you expecting an email from the sender? Does the email cc a large group of recipients, individuals you do not know, or strange, unrecognizable email addresses? The Google Docs scam listed a recipient as “hhhhhhhhhhhhhhhh,” which was a warning sign for some recipients.
- Check the URL before clicking. Hover your mouse over the link in question. You should see the destination URL in the lower corner of your browser window. Does it go to the site it claims to, or to some other web address? It is important to note that this test would not have worked for the recent Google Docs phishing attack, as the email used Google’s own login page.
- Be wary of granting third-party access to your account. The key to the recent attack was that users readily gave access to a fraudulent third-party application. Users have become accustomed to doing this for many apps and do not think twice about hitting accept. Take extra caution when granting third-party access to an account, particularly via links within an email.
- Utilize additional security features. Google and many other companies offer enhanced security options, which are often underutilized. Google Password Alert will let you know if you enter your Google credentials on any third-party website. You should also consider two-factor authentication, which will require you to confirm a new login from your cell phone or another email account. This will help you monitor and prevent unauthorized account access.