Scam of the day – May 6, 2017 – Google Docs phishing scam

A phishing email is presently being sent to unsuspecting victims that urges you to click on a Google Docs link.  A copy of one version of the email is reproduced below. Clicking on the link will turn over your Gmail account to the scammer which not only will give the hacker access to all of your emails, but also your contact list which will enable the hacker to contact your friends with emails that appear to come from you and will be used to lure your trusting friends into clicking on links that can download keystroke logging malware that can lead to identity theft or ransomware.

TIPS

Never click on links or download attachments regardless of from where they may appear to originate unless you have verified that the email is legitimate.  In addition, even people who fell for this scam, would be safe if they used dual factor authentication for their Gmail account which would prevent someone who had your password from accessing your account.  With dual factor authentication, when you go to access your account a special code is sent to your cell phone if the request to access your account comes from a different computer or device that you generally use.  You can sign up for Google’s dual factor authentication by clicking on this link:  https://www.google.com/landing/2step/

Scam of the day – May 17, 2014 – Google Docs scam

Today’s Scam of the day comes, as so many do, directly from my own email.  I received an email today that is reproduced below.  DO NOT CLICK ON THE LINK.

“Please view the document I uploaded for you using Google doc CLICK HERE sign-in with your email to view the document, it’s important.”

The email was signed with the name of a real friend of mine although she was not the person that sent the email.  If I had clicked on the link in the email it would have downloaded keystroke logging malware that would have stolen all of the information from my computer and used that information including credit card numbers and bank account information to make me a victim of identity theft.

TIPS

The particular email that was sent me was particularly flawed in that the email address from which it came did not match the email address of my friend, whose name was signed in the email.  This was enough to let me know that the email was not legitimate.  However, a more savvy identity thief might hijack someone’s email account so that when they send out emails with the hijacked email address, people receiving the emails will be more willing to trust them and click on links contained in the email because they appear to be coming from a trusted source.  This is obviously a big mistake.  You should never click on any links in any emails unless you have confirmed that they are legitimate.  Merely because the email may appear legitimate and appear to come from a trusted source is not enough to trust the email.   Always confirm that the email is legitimate before considering clicking on any links.