Click Before You Think: A Look At The Latest Google Phishing Scam

Thursday, June 22, 2017 4:00 pm, Posted by Absolute Destruction

Blog post after blog post, we always come back to the same piece of advice: only click on an attachment if it’s from a trusted source. Usually it’s a good rule of thumb that can protect you from the majority of phishing scams, but the crew at Absolute Destruction is prepared to eat our words. Sometimes, even seemingly trusted sources can send you bogus attachments.

Last month Google was at the heart of an insidious phishing scam that was aimed at its Google Doc users. It sent out an alarmingly realistic email to users asking permission to manage their email and contacts. If you clicked allow, it would have access to everything within your email accounts and your contact list, which it would then use to send out similar emails to your friends and family.

It worked so well because it sent you a Google-hosted page that listed all of your Google accounts, making it seem like a legit request from the tech company. The scam also bought the rights to a third-party app called Google Docs, further legitimizing the scam. Most people didn’t realize there is no such thing as Google Docs app. The real application is built-in to your Google account and has access to your email by default.

Though Google was quick to neutralize this threat, the scam managed to work on roughly 1 million users. Despite the large number, it seems like the tech giant dodged a bullet. Their investigations revealed the scam managed to access only contact information and no other personal data was exposed.

It was a near miss, but it provides a great lesson to all of us. While it’s easy to dismiss emails from unusual sources, with suspect titles and strange attachments, it’s not as simple to identify sophisticated scams that copy the look and writing style of trusted accounts.

Just as phishing scams are evolving, our approach to these cons needs to change along with them. In this latest case, critical thinking was the key to avoiding becoming a victim. Google Docs already has permission to see your emails and the documents you send through it, so it would never need to send this email in the first place.

This method is certainly a lot harder to lock down, and it will take practice.

It’s certainly much more difficult than scheduling our secure electronic data destruction services. Though easier to arrange, our data destruction is an essential step towards digital security, as it eliminates the physical theft of your data once you throw away obsolete devices. Once your computers, phones, or hard drives pass through the teeth of our mobile shredding truck’s blade, there’s no way to retrieve financial files or personal information stored on their chips.

To protect yourself even further, check out the top guides outlining how you can avoid phishing. Experts like WIRED and Norton Anti-Virus provide are a good place to start, so you can protect yourself against sophisticated phishing scam.

We’ll wait as you study up. Once you’re ready, give us a call to schedule your first pick up, and you’ll be one step ahead of the game.

© 2018 Absolute Destruction. All rights Reserved.