======= ======= ====== ====== ====== ===== ==== ====== ====== ===== ==== ======= ======= ====== ====== ====== ===== ==== ====== ====== ===== ====
Just a short time ago I received an email from the management company that owns the building I live in inviting me to view an attached Google doc. My roommates and I are nearing the end of our lease so I thought it might be a form about whether we would continue living in the same apartment next year.
When I went to view the document, however, a huge red flag popped up when it asked for my login information. If you’re familiar with how shared Google docs work, you should know that you don’t need to provide your Google username and password to access the document, especially if you open it up from your Gmail account that you’re already logged into.
This is a phishing scam through and through. DO NOT open the Google doc.
Normally, your run-of-the-mill virus, scam, or malware invasion don’t warrant a full-blown PSA like this. I think we all know by now that there isn’t a Nigerian prince who wants to transfer his fortune to you in exchange for your social security number and bank account information. But what troubles me about this particular phishing scam is how realistic it looks. Check this shit out:
I don’t receive a lot of documents via Google Docs (Our workplace uses Outlook so I’m more familiar with that at this point) so this looks very legit to me. Coupled with the fact that it was sent from an actual person’s account from the building management company, I casually clicked the “Open doc” button without much thought. Thankfully, I had the presence of mind to not put my username and password in on the next screen. The one tipoff for this particular scam is the “hhhhhhhhh” email included in the “To:” field so if you see that, that’s how you know. I see right through your game you two-bit Zero Cool wannabe.
That’s the other scary part about this particular scam though. It’s being sent from legitimate emails such as your coworkers, managers, or landlord in my case. For that reason, I can see a lot of people falling prey to this thinking they’re opening up an important document. I guarantee 100% that another resident at one of our management company’s buildings fell for the one sent by them thinking it was going to be an announcement about rent, maintenance, or their lease.
So again, if you see an email like the one above, DELETE IT. It’s a phishing scam, and you will be fucked six ways from Sunday if you fork over your Google account information over to it, because I know everyone has practically their entire lives connected to it.
Worst case scenario, you delete it and you get to ignore whoever it was who sent it to you, who you probably hate. Actually, this will be a good excuse for you to just not open any work emails with attachments on them. Looks like you’ll have to ignore your responsibilities for the rest of the day in the name of cyber security. Thanks, Prince Akeem Semmi!.
Image via Shutterstock
Respond
@ArrowZeppelin
ArrowZeppelin
It looks like you are trying to avoid getting ripped off. Would you like some help with that?
I actually miss you harassing me these days. Nothing like a little nostalgia.
I got rich off a Nigerian prince. Here’s 5 tips doctors DON’T want you to know about Nigerian Princes!!! http://www.DefinitelyNotAS.ca/m/NigerianPrInCe_58276
I like to think the the guy in the stock photo for this article and the girl in the stock photo for the article just below this one are thinking about each other and the fight they had last night. He’s upset with himself because he finished too quickly and she tried to comfort him for feeling bad, but it ended up making him angry because he feels inadequate. They start fighting about trivial things and they eventually fall asleep in different places (him on the couch obviously). They still love each other, and he’s upset for having caused the fight, but she is thinking about what he said and considering whether or not to forgive him, but we all know she will.
If I’m not mistaken that’s Olivia Wilde in the movie Drinking Buddies, but I like this take nonetheless
Olivia Wilde is golden. Now I gotta see that movie.
It’s got Jake Johnson (Nick Miller, from New Girl), Anna Kendrick, Peter from Office Space… awesome little Indie flick that makes me want to quick the cube life and work at a brewery
UPDATE 5:37 A friend of mine who works in computer sciences offered remediation steps you can take to protect your Google account in the event that you did click on this link. He says:
“Basically, just change your google account password. Then, go to myaccount.google.com, and browse to the “Apps connected to your account”. From here, just unauthorize “Google Docs”. You’ll likely have to log in again and reauthorize Google Docs (real) next time, but that’s not hard. There are also two-factor authentication methods that could be added in these events. In that, even if someone has your password, they would need to have your USB device, mobile phone, etc. to pass the second check.”
Everyone should be using two-factor auth, everywhere possible, no exceptions. It is too easy not to use.
Points for the Hackers reference. Talk about L33T
Let your management company know of the scam. Sounds like someone obtained a list of their customers’ email address. Very target spear phishing. This comes from a cyber security professional
Uhg, I’m going to be cleaning uncle Silvio’s computer all freakin day.
Cyber security! Another tip is to hover over any buttons they want you to click and see if the hyperlink is actually what the email body says it is. Scams might be really, really close to the correct URL but there’s always at least one thing that’s off about it.
Also I fully support not opening any work attachments ever again
That’s also a good point! If you’re checking email on a phone though you probably won’t be able to catch that.
when the son of the deposed king of Nigeria emails you directly, asking for help, you help! His father ran the freaking country!
Not your best. How’s your health care plan coming?
Abortions for some, tiny American flags for others
Phishing huh? Tiiiiiiiiiight.