With this new (May 3, 2017) email phishing scam rearing it’s ugly head it’s always a good time to pause and think about how these things happen and how we can prevent them.
How do they happen? Usually because we are so accustomed to interacting with email from people we know that clicking on a “Open in Docs” button from a colleague doesn’t even faze us.
So what happened and what do you do…?
Today a rather sophisticated scam made it’s way across the internet. It started with an email containing an “Open in Drive” button which lead to a genuine Google screen asking for permissions. Problem is, it wasn’t Drive asking for permission. The scammer created an extension called “Google Docs” that asks for permission to interact with your email account.
It banks on muscle memory to work. We get an email from a colleague who shares files with us. We click it. A Google permissions screen appears. We accept. ’cause, it’s Google…
Problem is, sometimes muscle memory over takes vigilance.
Google Drive (and all within – Docs, Slides, Sheets, etc) are core services so Google will never need to ask for account permission to access. The scammer’s extension was meant to mimic Drive and lull the user into a sense of security. Google doesn’t need permission for Drive, it’s built in.
This Tech Crunch article has a good overview as well as an embedded animated GIF of the permission screen, including the developer information with a bizarre email.
Here is the GIF:
— Zach Latta (@zachlatta) May 3, 2017
I made a quick flyer to help staff differentiate between fraudulent and authentic Google Drive share emails. It’s not foolproof but it’s a start:
I have updated the original flyer based on the Tech Crunch article pointing out it’s less of a password issue and more of an application permission issue. Check your application permissions here:
Remove anything that says “Google Docs”
For additional scam/phishing resources check out my previous posts on the matter:
- Email spam – sniffing out the bad, even from trusted sources
- Phishing, not the hook you’re looking for
- Know your Twitter spam