As a proud Google Apps customer, I use a lot of Google’s product offerings to make my workflow as efficient as possible. I’m not the only one; according to TechCrunch, more than 3 million businesses are now paying for G Suite services as of January 2017. That is up from 2 million as of November 2015. A combination of security, flexibility and convenience make Google’s services a very attractive option.
Unfortunately, all these users are prime targets for another carefully crafted email scam. And not just the business class users. With over 1 billion Gmail users as of 2016, these scammers had plenty of targets. Which brings me to last week: I received an email from a friend of mine who is a teacher at a public school. It looked exactly like the type of email I receive when somebody shares an actual Google Doc with me. Right down to the “Open in Docs” button I am already familiar with.
At the risk of sounding admirative, creating a convincing email scam has really become an art form for many cyber attackers. Some scammers go to great lengths to make themselves look legitimate to gain the trust of unsuspecting audiences. With the increases of spam blockers and advancements in firewalls, scammers have also unfortunately developed to step up their game as well, so to speak.
I pride myself in being pretty savvy when it comes to phishing scams, email scams and any number of other undesirable internet schemes. In this case though, I am embarrassed to admit that I did indeed fall for it. I clicked through to the doc, and immediately noticed something was “off”. It prompted me to allow “Google Docs” (the scammer registered with that name, and even the official Google Docs logo) to access and send via my Google email account, among any number of things. I turned to the internet to investigate, and sure enough – it was a scam.
The Good News
The good news is that Google was immediately on top of the situation. Reddit also became a source of information, and the folks at Google took as little as a half hour to shut it down. I have to admit, it was a very clever scam. A lot of people were impacted by it, including schools and businesses. Based on the volume of impact, I think we can expect to see even greater security measures in place in the future. Be vigilant and aware of possible scams and take the time to educate yourself on ways to protect yourself from them.
Stay safe out there, as the web moves forward we need to be vigilant and creative to stay ahead of the scams.