Preface
In May 2017, an email scam emerged targeting Gmail users: an email arrives from a known contact, inviting the recipient to view a Google Doc. When the link in the email is clicked, the recipient is asked to sign in to their Google account and then to grant a third-party application permission to access data in the account. A recipient who completes the entire process has handed the attackers an access grant to their mailbox and contacts; the attackers do not need the password itself, and changing it afterwards does not by itself cancel the grant. The attackers then read the recipient's email, pull the address book, and repeat the scam against every contact in it. Attackers use these tactics to amass data on a wide range of users, and then use what they have gathered to perform more targeted attacks.
Analysis
This is a type of email scam. It is not caused by a vulnerability in your own email system; the email sender's account was compromised, either in an earlier round of this same scam or because they used a weak or reused password. The attackers then send the scam email to every contact in the sender's address book.
The typical process involved in this email scam is:
- Hackers commandeer someone's email account (the "Sender") by cracking their password or by obtaining an access grant through a previous round of this same scam.
- Hackers then send a malicious email to all contacts in the Sender’s address book.
- Some of the recipients of this email scam inevitably click the link in the email.
- The link directs the recipients to a page that requires them to sign in and then to grant permission for something to occur (e.g. for a third-party application to access their mail and contacts).
- The email recipients sign in and accept the access request.
- Recipients have effectively handed control of their email account to the hackers: the permission grant lets the attackers read mail and harvest the address book without knowing the password, and it stays valid until it is revoked.
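The following is an added example, not code from the original advisory. It shows how to triage a link pulled from one of these "view this document" emails before clicking it: a genuine Google Drive share link points at docs.google.com and never asks you to grant a third-party application access, whereas the scam's link lands on Google's OAuth consent endpoint (accounts.google.com/o/oauth2/...) with a scope parameter that spells out the permissions being requested. The consent URL layout and the scope strings are Google's real ones; the two sample links, the client_id value, the redirect host attacker.example and the document id are constructed for the example.

```python
"""Triage links from a suspicious "view this document" email.

Added example, not part of the original advisory. It parses a link the way a
help-desk script or mail-filter rule might, and reports whether the link is a
Google OAuth consent request and which account permissions it would ask the
recipient to grant.
"""
from urllib.parse import urlparse, parse_qs

# Real Google API scopes that would let a third party read mail and harvest the
# address book. The risk descriptions are this example's own wording.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/": "full read/send/delete access to Gmail",
    "https://www.googleapis.com/auth/gmail.readonly": "read all mail",
    "https://www.googleapis.com/auth/contacts.readonly": "read the address book",
    "https://www.googleapis.com/auth/contacts": "read and modify the address book",
}

# Google's OAuth consent endpoint lives on this host under /o/oauth2/.
CONSENT_HOST = "accounts.google.com"
CONSENT_PATH_PREFIX = "/o/oauth2"


def triage_link(url: str) -> dict:
    """Return a verdict for one link: is it a consent request, and for what?"""
    parsed = urlparse(url)
    query = parse_qs(parsed.query)

    # Scopes arrive as one space-separated parameter (URL-encoded as '+' or %20).
    scopes = []
    for raw in query.get("scope", []):
        scopes.extend(raw.split())

    risky = {s: HIGH_RISK_SCOPES[s] for s in scopes if s in HIGH_RISK_SCOPES}
    is_consent = (parsed.hostname == CONSENT_HOST
                  and parsed.path.startswith(CONSENT_PATH_PREFIX))

    # Where the granted permission would be delivered: for a consent request
    # the redirect_uri host is the party that ends up holding the grant.
    redirect_host = None
    for raw in query.get("redirect_uri", []):
        redirect_host = urlparse(raw).hostname

    if is_consent and risky:
        verdict = ("consent-phishing: link asks you to grant a third-party app "
                   + ", ".join(risky.values())
                   + f"; grant would be delivered to {redirect_host}")
    elif is_consent:
        verdict = "consent request; review the app name and scopes before accepting"
    else:
        verdict = "no account-permission grant requested"

    return {
        "host": parsed.hostname,
        "consent_request": is_consent,
        "scopes": scopes,
        "risky_scopes": sorted(risky),
        "redirect_host": redirect_host,
        "verdict": verdict,
    }


# Constructed sample links (client_id, document id and attacker host are made up).
SCAM_LINK = (
    "https://accounts.google.com/o/oauth2/auth"
    "?client_id=000000000000-example.apps.googleusercontent.com"
    "&scope=https%3A%2F%2Fmail.google.com%2F"
    "+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcontacts.readonly"
    "&redirect_uri=https%3A%2F%2Fattacker.example%2Fcallback"
    "&response_type=code"
)
GENUINE_SHARE_LINK = "https://docs.google.com/document/d/EXAMPLE_DOC_ID/edit?usp=sharing"


if __name__ == "__main__":
    for link in (SCAM_LINK, GENUINE_SHARE_LINK):
        result = triage_link(link)
        print(result["host"], "->", result["verdict"])
```

The check is deliberately coarse: any link that lands on the consent endpoint and asks for mailbox or contacts scopes deserves a phone call to the sender before it is clicked, regardless of what the application calls itself on the consent screen.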
What you need to do NOW
- First things first: if you clicked a link that was later determined to be malicious and approved an access request, revoke that application's access in your Google account settings (Google's "apps with access to your account" page, at myaccount.google.com/permissions at the time of writing) and then change your Gmail password. Changing the password alone is not enough: an access grant you approved stays valid until you revoke it.
- In this specific case, rather than clicking the link, recipients would have been better served by opening their Gmail account in a web browser and checking Google Drive for a sharing notification from the Sender. If no such notification is visible, the recipient can assume the email is a scam and mark it as such in their mailbox.
- Alert the sender that their message appears to be a scam, and ask whether they actually sent such an invitation. If they did not, advise them to revoke any unfamiliar application access on their account and change their email password immediately.
- SLOW DOWN. We're serious. Technology makes us click-click-click happy as we try to get the various notifications, alerts and emails out of our way. A genuine Drive share never asks you to grant a third-party application access to your mail.
- Ask yourself: how strong is my email password? Change it immediately if it does not meet all of these criteria:
- at least 10 characters (preferably 12)
- a combination of upper and lower case letters
- at least 1 number
- at least 1 special character ($, %, ^, &, *, {, :, etc.)
- not used for any other account
- Turn on 2-Step Verification for the account as well; a stolen password is far less useful when a second factor is required to sign in.