And what to do now…
As many have heard, Google just suffered an embarrassing phishing scam that has compromised untold records. The scam works like this:
A user receives an email in their inbox from someone they know, that looks authentic, asking them to join a Google Doc. Once clicking on the doc it redirects them to an authentic Google login page to enter their user credentials. Your credentials are compromised at this point and you are redirected to a malicious third-party site that requests access to your email account.
Aside from spamming your friends and spreading the scam using your account, the cyber-criminals also now have access to all the contacts of your Google account and probably other accounts that you use that share the same password! Pretty clever huh?
What can you do to prevent it:
In general, approach with caution all emails asking you to join something or click through using your credentials. These attempts are getting more and more prevalent. If Google can get hacked like this, so can every other company on the planet.
Look closely at URL’s
In this case, the redirect took the user to googledocs.docscloud.info (DO NOT CLICK ON GO TO THIS LINK. EVEN IF YOU’RE CURIOUS). While subtle, this is a dead giveaway to any user paying attention.
Use Two-factor authentication whenever possible.
Two-factor authentication is what you use when your bank sends you a one-time code to get into your online account. It should be activated on every account that it is available on. This way, even if your password is compromised, the criminals will have a very difficult time getting in.
Contact Upward right away if you believe you may have clicked on a link like this. We can take immediate measures to limit the damage.