If you received a message today with the subject, “A document on Google Docs has been shared with you,” it is very likely that your email address is on the contact list of someone whose account was hacked. This ploy was meant to convince you that someone you know sent you a document, and that by entering your Google email address and password, you would be able to open the attachment. In reality, entering your credentials would give a hacker access to your Gmail mailbox, which they could then harvest and use to attack your contacts.
Google has reported that they have taken down the offending accounts and that system updates are underway to prevent future attacks. Google is also encouraging users to report the email as a phishing attempt within Gmail.
If you received one of these messages, your account would have been compromised at the point of entering your email address and password. Opening the message, or even clicking on the link that opens the login page, would NOT compromise your account.
If you clicked on the link and entered your credentials, immediately complete the following steps:
- Go to your Gmail account’s permissions settings at https://myaccount.google.com/permissions
- Remove permissions for “Google Docs,” the name of the phishing scam (if the page says, “You haven’t granted any apps or websites access to your Google Account,” your documents were not compromised).
- Change your Gmail password
When setting passwords, consider using a passPHRASE made up of three or more common words, and add a number or special character to increase complexity. Even the longest dictionary word is easily cracked, but passPHRASES are much more difficult to guess. Try something like “I-Like-Tomatoes22” or “I-Dr1ve-A-Boat” rather than using a common word or pet’s name. The length and use of multiple words provide added protection.
This is only the latest of several new email attacks. Always pay attention to the TO, FROM, and SUBJECT LINE before clicking on a link or opening an attachment. The “TO” line on this Google Docs message says firstname.lastname@example.org. It is also important to be very suspicious any time an email asks you to enter your password. Credential phishing is big business for cybercriminals.