As a proud Google Apps customer, I use a lot of Google’s product offerings to make my workflow as efficient as possible. I’m not the only one; according to TechCrunch, more than 3 million businesses are now paying for G Suite services as of January 2017. That is up from 2 million as of November 2015. A combination of security, flexibility and convenience make it a very attractive option.
Unfortunately, that means there will be scammers attempting to take advantage of those users. And not just the business class users. With over 1 billion Gmail users as of 2016, these scammers had plenty of targets. Which brings me to last week: I received an email from a friend of mine who is a teacher at a public school. It looked exactly like the type of email I receive when somebody shares an actual Google Doc with me. Right down to the “Open in Docs” button I am already familiar with.
I pride myself in being pretty savvy when it comes to phishing scams, email scams and any number of other undesirable internet schemes. In this case though, I am embarrassed to admit that I did indeed fall for it. I clicked through to the doc, and immediately noticed something was “off”. It prompted me to allow “Google Docs” (the scammer registered with that name, and even the official Google Docs logo) to access and send via my Google email account, among any number of things. I turned to the internet to investigate, and sure enough – it was a scam.
The Good News
The good news is that Google was immediately on top of the situation. Reddit also became a source of information, and the folks at Google took as little as a half hour to shut it down. I have to admit, it was a very clever scam. A lot of people were impacted by it, including schools and businesses. Based on the volume of impact, I think we can expect to see even greater security measures in place in the future.
Were you impacted? Here is a detailed article on Reddit talking about the full extent of the scam, including a reminder to do a Google Security Checkup. https://www.reddit.com/r/google/comments/692cr4/new_google_docs_phishing_scam_almost_undetectable/
Stay safe out there, as the web moves forward we need to be vigilant and creative to stay ahead of the scams.