• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
AskCyber Home » News » Gmail Phishing Attack Scams Using Google Docs

Gmail Phishing Attack Scams Using Google Docs

2017-05-04 by Michelle Dvorak

Gmail Phishing Attack Scams Using Google Docs

Google’s Gmail email service was targeted in a global phishing scam last night. The email sent out to Gmail users and was an especially crafty version of a typical phishing email. The fraudulent emails appeared to have been sent from someone the recipient already knew. The familiar sender names made it more likely that the email would be opened and thus helping the email scam spread even further and faster.
The email contained a message with an “invitation” from the sender to view a Google Document. Once users clicked on the link, readers were presented with a page of choices of which Google accounts to which they would grant access.

How to Spot the Suspicious email

Although the email appeared to be coming from a friendly name, the actual sending email address was consistently hhhhhhhhhhhhhhhh @ mailinator.com . Another clue was that the recipient (the person being scammed) was listed in the BCC (blank carbon copy) field rather than the recipient’s field [Figure 1].

Figure 1

Although one of our writers did receive the phishing email shown in Figure 1, he was cyber-savvy enough not to click on it! Thanks to Zach Latta, the cyber-attack process was recorded in his video:

@zeynep Just got this as well. Super sophisticated. pic.twitter.com/l6c1ljSFIX

— Zach Latta (@zachlatta) May 3, 2017

After account access was granted via the web page, the Gmail account was then used to spread the cyber-attack further.

What is a Phishing Scam?

A phishing email is any email that intends to steal something, usually personal or financial information, from the recipient. Typically, phishing scams are emails, but the term is sometimes used to describe phone call and websites too. Often an email scam directs users to a fake website that prompts viewers to enter in some personal information such as an account number or password.

When we talk about email, the sending email address is the email sender’s email address including their domain name. Most email clients give us the ability to set an additional display name. In this case, the display name, also known as the friendly name, was altered to contain the name of someone in the recipient’s contact list. For example, support @google.com is an email address or “box” but the friendly name might be customized to show as “Google Support.” With a familiar name as the sender, users were far more likely to open the email.

The May 3 Gmail Phishing scam was an email used with a fraudulent website.

Google responded to the attack almost immediately with posts on social media and one of their websites. {Figure 2] The company stated that only about 1% of its users were hit by the attack. Although .1% seems small, this means that over 1 million people received the email!

Steps to Take if You Are a Target of This Phishing Scam

  1. Be sure to change your password! This is something you should do on a regular basis – scam or not.
  2. Check Your Google and Gmail Security Settings

It is important for everyone to review his or her security settings on a regular basis. Make sure you have at least two account recovery options for your Google accounts. Visit Google’s security checkup center to review your account security and recovery settings. The Google security account check link is https://myaccount.google.com/secureaccount.

Filed Under: News Tagged With: phishing

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

20 Online Courses for a Successful Career in Cyber Security in 2021

Cyber Security Governance & Customer Trust Senior Analyst

COVID Vaccine Passports: Saturday Sitrep

Microsoft Simulator Brings Gaming Elements to Cybersecurity

Dark Web Breach Leaks 600K Stolen Payment Cards

IPVanish

IPVanish VPN

Cyber Security News

Dark Web Breach Leaks 600K Stolen Payment Cards

… [Read More...] about Dark Web Breach Leaks 600K Stolen Payment Cards

LinkedIn Data Leak Exposes Millions of Users

… [Read More...] about LinkedIn Data Leak Exposes Millions of Users

Facebook Responds to Data Leak

… [Read More...] about Facebook Responds to Data Leak

Facebook Breach – Hacker Dumps Millions of User Data on Public Forum

… [Read More...] about Facebook Breach – Hacker Dumps Millions of User Data on Public Forum

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card Cyber Attack DHS Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware Romance Scam Russia smartphone SolarWinds tax scam TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2021 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version