An email furiously bounced between personal, school and business accounts today, notifying you that a Google Doc had been shared with you.
According to preliminary reports from Google and technicians testing the message links, the message was an attempt to install a malicious Google App in your account.
On their Twitter feed at roughly 4:15 PM, Google released this statement:
We have taken action to protect users against an email impersonating Google Docs & have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing email in Gmail.
Just last week, we had 8th graders tour on a career planning field trip. As part of our presentation, we share some fairly standard helpdesk tickets (with sensitive information removed). We looked at ransomeware, we saw screens covered with fake BSOD messages, and we talked about the vulnerability of computer users and platforms. The teacher asked for some parting advice for the students; how can they avoid these situations? How can they assist their parents and grandparents that may turn to them with IT questions, simply because they are younger?
Our advice is to always look twice and think twice before clicking. Attentive readers would have noticed some key features in the the scam email shared today. This is not the first fake Google Doc shared via email, and it certainly will not be the last. Hover over links before clicking, check to see if grammar and spelling are correct in the content of the message, consider whether the message is of ordinary pattern for the sender, and feel free to actually engage with the sender personally to see if they are really sending you a link to a Dropbox file, sharing a Google Doc, or in dire need of funds half a world away.