Scam of the day – February 6, 2020 – Google Docs Phishing Scam

by | Feb 5, 2020 | Scam of the day

A phishing email is presently being sent to unsuspecting victims that urges you to click on a Google Docs link.  A copy of one version of the email is reproduced below. Clicking on the link will turn over your email account to the scammer which not only will give the hacker access to all of your emails, but also your contact list which will enable the hacker to contact your friends with emails that appear to come from you and will be used to lure your trusting friends into clicking on links that can download keystroke logging malware that can lead to identity theft or ransomware.  It is important to remember that it is very simple  for a scammer to include the Google logo and a logo for Norton Security so you can’t trust an email merely because it carries such logos.  A strong indication that this email was a phishing scam was that the address from which it was sent was the email address of an individual who had no connection to Google Docs.  Most likely the email account used to send the phishing email was part of a botnet of computers that had been compromised and used by scammers to send out such phishing emails without the person whose email account is being used even being aware that his or her email was being used for this purpose.

Here is a copy of the email that is presently being circulated.  DO NOT CLICK ON THE LINK TO VIEW THE DOCUMENT.

Alan sent you a Document via Google Docs Apps.
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.  
   Xoom Corporation, Money Orders & Transfers, San Francisco, CA
 Logo for Google Drive

TIPS
Never click on links or download attachments regardless of from where they may appear to originate unless you have verified that the email is legitimate.  In addition, even people who fell for this scam, would be safe if they used dual factor authentication for their Gmail account which would prevent someone who had your password from accessing your account.  With dual factor authentication, when you go to access your account a special code is sent to your cell phone if the request to access your account comes from a different computer or device that you generally use.  You can sign up for Google’s dual factor authentication by clicking on this link:  https://www.google.com/landing/2step/

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”