Current Threat: Google Doc Phishing Email
Recently there was a phishing attack that used Google services along with email and we want to make sure your data is secure. Below are some security tips and what to do if you clicked on the link related to the recent attack.
If you receive suspicious email:
1. Do not click, even when the email is from your mother.
Even when you receive links from trusted contacts, be careful what you click. Spammers, cyber criminals and, increasingly, nation-state spies are resorting to basic email attacks, known as spear phishing, which bait victims into clicking on links that download malicious software, or lure them into turning over their user names and passwords.
In the Google phishing case, the malicious emails appeared to come from a trusted contact, but were actually from a different address with recipients BCCed.
2. Turn on multi-factor authentication.
Google and most other email, social media and banking services offer customers the ability to turn on multi-factor authentication. Use it. When you log in from an unrecognized computer, the service will prompt you to enter a one-time code texted to your phone. It is the most basic way to prevent hackers from breaking into your accounts with a stolen password.
3. Shut it down.
If you accidentally clicked on the Google phishing attack link and gave spammers third-party access to your Google account, you can revoke their access by following these steps:
Log into your google account
Navigate to permissions
Revoke access to “Google Docs” (the app will have access to contacts and drive).
4. Change your passwords ... again.
If you've been phished, change your passwords to something you have never used before. Ideally, your passwords should be long and should not be words that could be found in a dictionary. The first things hackers do when breaking into a site is use computer programs that will try every word in the dictionary. Your email account is a ripe target for hackers because your inbox is the key to resetting the passwords of, and potentially breaking into, dozens of other accounts.
Make your password long and distinctive. Security specialists advise creating anagrams based on song lyrics, movie quotations or sayings. For example, “The Godfather” movie quotation “Leave the gun. Take the cannoli,” becomes LtG,tTcannol1. Another good method is to combine words while adding numbers and special characters such as 1RedCar&2BlackCats
5. Report it.
Report any phishing and spear phishing attacks to ITsecurity@grcc.edu with the subject "Suspicious Email" and forward the original email as an attachment. Attacks related to Google email can be reported to Google by clicking the downward arrow at the top right of your Google inbox and selecting “Report Phishing.”
Some of the above information was taken from: http://www.nytimes.com
Phishing can be a major security concern for end users, colleges, universities, and businesses. Please take time to watch the brief video below presented by Jim Schafer regarding identifying phishing attacks and how to report them.