• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
  • ChatGPT
    • Does ChatGPT Save Data?
AskCyber Home » News » News » Gmail Phishing Attack Scams Using Google Docs

Gmail Phishing Attack Scams Using Google Docs

2017-05-04 by Michelle Dvorak

Gmail Phishing Attack Scams Using Google Docs

Google’s Gmail email service was targeted in a global phishing scam last night. The email sent out to Gmail users and was an especially crafty version of a typical phishing email. The fraudulent emails appeared to have been sent from someone the recipient already knew. The familiar sender names made it more likely that the email would be opened and thus helping the email scam spread even further and faster.
The email contained a message with an “invitation” from the sender to view a Google Document. Once users clicked on the link, readers were presented with a page of choices of which Google accounts to which they would grant access.

How to Spot the Suspicious email

Although the email appeared to be coming from a friendly name, the actual sending email address was consistently hhhhhhhhhhhhhhhh @ mailinator.com . Another clue was that the recipient (the person being scammed) was listed in the BCC (blank carbon copy) field rather than the recipient’s field [Figure 1].

Figure 1

Although one of our writers did receive the phishing email shown in Figure 1, he was cyber-savvy enough not to click on it! Thanks to Zach Latta, the cyber-attack process was recorded in his video:

@zeynep Just got this as well. Super sophisticated. pic.twitter.com/l6c1ljSFIX

— Zach Latta (@zachlatta) May 3, 2017

After account access was granted via the web page, the Gmail account was then used to spread the cyber-attack further.

What is a Phishing Scam?

A phishing email is any email that intends to steal something, usually personal or financial information, from the recipient. Typically, phishing scams are emails, but the term is sometimes used to describe phone call and websites too. Often an email scam directs users to a fake website that prompts viewers to enter in some personal information such as an account number or password.

When we talk about email, the sending email address is the email sender’s email address including their domain name. Most email clients give us the ability to set an additional display name. In this case, the display name, also known as the friendly name, was altered to contain the name of someone in the recipient’s contact list. For example, support @google.com is an email address or “box” but the friendly name might be customized to show as “Google Support.” With a familiar name as the sender, users were far more likely to open the email.

The May 3 Gmail Phishing scam was an email used with a fraudulent website.

Google responded to the attack almost immediately with posts on social media and one of their websites. {Figure 2] The company stated that only about 1% of its users were hit by the attack. Although .1% seems small, this means that over 1 million people received the email!

Steps to Take if You Are a Target of This Phishing Scam

  1. Be sure to change your password! This is something you should do on a regular basis – scam or not.
  2. Check Your Google and Gmail Security Settings

It is important for everyone to review his or her security settings on a regular basis. Make sure you have at least two account recovery options for your Google accounts. Visit Google’s security checkup center to review your account security and recovery settings. The Google security account check link is https://myaccount.google.com/secureaccount.

Filed Under: News Tagged With: phishing

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version