May 9, 2017, by Sarah Jorgenson-Owen, CVS Technician
On May 3, a widespread phishing attack took place, using Google Docs as "the bait". Targets of this phishing attack received a legitimate email from one of their contacts. The email asked the recipient to download a Google Docs document.
If the recipient took "the bait" and clicked the button to download, they were taken to the Google account screen where a fake app titled "Google Docs" asked permission from the recipient to authorize access to the shared (fake) document. Once the recipient was "on the hook" the fake app copied their entire contact list and sent a copy of itself to all of the email addresses on their contact list. This happened many times affecting approximately 1 million G-Mail users in a very short period of time. This attack affected millions of users and organizations, including University of Alaska employees and students.
Google shut down the phishing attack within an hour and there were no reports of malware being deployed during this attack, but this is a good reminder of how quickly these attacks can happen. If you don't know a contact that you get an email from, or if you weren't expecting a document to be sent to you, DON'T OPEN IT! If an unexpected document comes to you, double check with the sender to make sure it's legitimate.
This is a good reminder about the importance of keeping your systems up-to-date and having a solid anti-malware solution in place for protection. SecureIT Plus, a Security Coverage product sold by Copper Valley Telecom, maximizes protection for residential customers and is available through Copper Valley Telecom. Please contact our offices at 907-835-2231 or 907-835-3551 for more information on SecureIT Plus.