What To Do If You Clicked On The Google Phishing Scam
We, at the Dwyer & Michaels Morning Show get several emails daily. Most of them ragging on me for my love of trains, Rush and being a water skiing guru. The rest are emails talking about Dwyer's dumb cars.
Along with the show email we receive, we also receive a lot of spam emails. A LOT!!! So many, in fact, that if we were to write a song about them it would sound a lot like Monty Python's Spam Song.
However; this afternoon I noticed something. Something out of the ordinary. We were receiving emails from people whose names we recognize. Either as people that email often, Facebook friends, or maybe even in one instance a member of one of our own family's. What struck me most as odd was all of them wanted to share a Google Doc with us.
Now sometimes we'll share docs with a co-worker or family member, but why would "Sandra Bennett" (named changed for protection) be sending us random access to her Google Docs. Then, I noticed that we had several of these. Five of them in the past ten minutes.
After doing a little research I found out that it's a massive phishing campaign and anyone with a gmail account is a target. These are malicious emails designed to hijack your account. The emails all appear to look like this one, and are addressed to "email@example.com" with recipients BCCed.
If you received an email like this, here are some tips on making your account safe again:
- Do not click, no matter who it's from. This type of phishing wants to deceive you into thinking the links are from trusted contacts. This particular scam seems to be coming from “firstname.lastname@example.org”.
- Use multifactor authentication. Most email or social media accounts will allow you to use multifactor authentication. Basically when you log in from an unrecognized computer, the service will send a one-time code to you phone. It's easy and will save your bacon.
- Revoke the scams access. Go to https://myaccount.google.com/permissionshttps://myaccount.google.com/permissions and revoke the spammers access to Google Docs.
- Change your passwords. Make sure your new password is different from any you've used before.
- Report the attack. In the top right of your Gmail inbox there's an arrow, clicking it lets you "Report Phishing."