Jerry Jones CPA
Wouldn’t it be nice to have a CPA that you deal directly with, that understands your business, that works in all 50 states and is there for you when you need him?

Beware of This Google Docs / Drive Phishing Scam

Top Speed

This phishing scam takes convincing to a whole new level, on a platform many people use on a daily basis. Like most phishing scams this one arrives via email, with the subject of “Documents”. Naturally once you look at the body of the email it tells you to click on what looks like a Google Drive link to an important document.

This is where it gets particularly scary, if you click on this link you are taken to a login page that looks exactly like every other Google log-in page you’ve ever seen. This “fake page is actually hosted on Google’s servers and is served over SSL, making the page even more convincing,” Nick Johnston of Symantec wrote in his blog. Johnston continued, “The scammers have simply created a folder inside a Google Drive account, marked it as public, loaded a file there, and then used Google Drive’s preview feature to get a publicly-accessible URL to include in their message.”

google-spamSo it has a google.com URL, and it looks like a Google login, see page 2 for image. Unfortunately many people are likely to enter their login credentials without a second thought - and just like that their credentials will be com-promised.

What can you do to protect yourself? First is to stay alert. If an email comes to you with the subject of “Documents” and you know the sender think before opening it, would this per-son be sending me a document like this? Even if they do send me docs do they ever just call them “Documents”?

Second you may notice that something is slightly off with how the login is happening, for instance in this case when you click the link it asks you to sign in to a Google account. Most Google users, right now could type in gmail.com or drive.google.com and it won’t as for your credentials. Certain parts of Google, like the merchant login, always ask for you to reenter your password, but most won’t. This is a very subtle hint that not all is right with this link, but it is one you might pick up on.

Johnston went on to say, “Google accounts are a valuable target for phishers, as they can be used to access many services…” Not only will they now have access to your Gmail, Google Drive and Google Merchant accounts, they will have access to what is becoming more and more important in the land of cyber crime and phishing scams - access to the contact list associated with your email address!

Why is that connection so important and valuable? It’s simple, people are getting more wary of emails with links and attachments that come from Jane Smith, but that email from an old college friend or a neighbor down the block, that’s a link or attachment you’re more likely to click on. Compromised contact lists are becoming a hot commodity to really increase the effective-ness of phishing scams, generally referred to as spear phishing as they are now aiming for a specific person or group of people with known connections to the compromised account.

What can you do to make sure your account stays secure? Be careful with any link or attachment that arrives via email. Don’t feel embarrassed about contacting a sender to make sure the email you’ve received is legitimate, it’s always better to ask then to have your information stolen. And make sure you have taken steps to secure your password and that it’s not “password”. If that seems too obvious keep in mind that last year when the Facebook ac-counts were hacked the most common pass-word exposed was “password”.

To learn more about securing your password read this article - http://www.databitsnews.com/how-secure-is-your-password.

Click here to download original article

 

Designed by NJ Designs