Google Docs Phishing

If you get an email containing a link to a Google Doc, don’t click. Check with the person who sent it before opening. There’s a phishing scam going around that seems to be widespread.

Otherwise, open thread!






32 replies
  1. 1
    TenguPhule says:

    You forgot to tag it open thread.

    /pedant

  2. 2
    Gravenstone says:

    Interesting. This actually hit my place of business today. Had 4 or 5 local vectors before IS got a spam filter for the source up. Didn’t realize it was so widespread.

  3. 3
    West of the Rockies (been a while) says:

    Damn Russkies are into everything!

  4. 4
    Chet says:

    I got three of them right in a row this afternoon. Curiosity nearly got the better of me.

    At work they sent us this checklist to follow if you got fooled:

    1. Promptly go to https://myaccount.google.com/security#connectedapps
    2. If you are not already signed in, sign in.
    3. Click on Manage Apps
    4. If you see “Google Docs”, click on Delete

    “Google Docs” is actually not a Google App; it is a Trojan horse.

  5. 5
    ruemara says:

    Glad my default setting is “did I ask you for a document or did you call me? then trash it is!” I do wonder about the timing.

  6. 6
    Walker says:

    I got several from students today. The scary thing is that I am in a class where students are supposed to share Google Docs with me. But we did not have a current assignment, so that made me suspect it was a phish.

  7. 7
    Walker says:

    @Chet:

    If you got fooled, you need to reset your password (preferably with two-factor authentication) ASAP

  8. 8
    Cheryl Rofer says:

    @TenguPhule: Done!

    Do you know how many tags there are???????

  9. 9
    TenguPhule says:

    @Cheryl Rofer: You mean you select them from a drop down list?

    And sure, we treat most threads like open threads anyway. But the principle still applies!

  10. 10
    David Anderson says:

    @Cheryl Rofer: that is after the cull

  11. 11

    So, today in Jefferson City at the capitol a few people pointed out what the right wingnut republican majority in the General Assembly thinks of women:

    Post apocalyptic novels aren’t supposed to be a blueprint for society

  12. 12
    smintheus says:

    A question about gmail accounts. My university is planning to force all faculty to switch to gmail, claiming that it is excellent for privacy. Is my impression correct that google uses gmail to track you pretty much everywhere on line?

    Another college I taught at once forced us onto gmail, and I found it extremely intrusive; when I was visiting other sites, any login often switched automatically to my gmail account.

    I’m thinking of telling the university not to create a gmail account in my name because I don’t trust Google to respect my privacy. Is that a defensible position wrt gmail?

  13. 13
  14. 14
    Cheryl Rofer says:

    @TenguPhule: A very long drop-down list.

    @David Anderson: LOL!

  15. 15
    TenguPhule says:

    @Cheryl Rofer: Don’t feel bad if the thread dies early, useful technology posts tend to die early deaths unless there’s an argument to be had in it.

  16. 16
    Jim, Foolish Literalist says:

    @TenguPhule: no they don’t

  17. 17
    Walker says:

    @smintheus:

    I have multiple Google accounts. I keep personal distinct from professional. There are FERPA issues. But then you should never send FERPA sensitive material by e-mail

  18. 18
    smintheus says:

    @Walker: I’m talking specifically about Google’s apparent determination to follow me around on the internet, from my use of the library catalogue to reading of the news and everything in between.

  19. 19
    TenguPhule says:

    @Jim, Foolish Literalist: I see what you did there.

  20. 20
    Cheryl Rofer says:

    @TenguPhule: Just doing my part for a full-service blog.

  21. 21
    Jim, Foolish Literalist says:

    @TenguPhule: no you don’t

  22. 22
    TenguPhule says:

    @Jim, Foolish Literalist: “Sir, this is the Department of Obnoxious Complaints, you want the Department of Silly Arguments third door on the left.”

  23. 23
    dmsilev says:

    @smintheus: Are they talking about just having everyone create their own gmail accounts, or are they talking about signing up for the edu version of Google’s enterprise email? The latter doesn’t have the sorts of tracking and ads that the regular gmail does, but it isn’t free.

    (We switched to Office 365 rather than Google, though I wasn’t involved in that decision so have no idea as to what factors went into the choice)

  24. 24
    TenguPhule says:

    @Cheryl Rofer: As a heads up, if you’re not into Monty Python and Terry Prachett yet, both are required viewing here.

  25. 25
    Roger Moore says:

    @smintheus:

    My university is planning to force all faculty to switch to gmail, claiming that it is excellent for privacy.

    I’d like some of whatever they’re smoking. Google is refreshingly honest that they read all your mail and try to mine information from it. This is sometimes to your benefit- it’s nice that it can recognize some kinds of mail, like appointment confirmations and shipping notices- and provide you with appropriate information from them- but you’d be a fool to think they aren’t also using it to help target ads. I don’t think I’d want them doing that with my work email. If you handle any kind of sensitive information, like PHI, it might even be illegal to let it go through a company like Google that’s going to read it.

  26. 26
    Miss Bianca says:

    I think it got me – I started to do a share, then thought, “wait a minute”…is there anything you can do about it after the fact?

    ETA: @Chet: ooh, maybe it didn’t get me, then – I didn’t see “Google docs” in “Apps connected to your account”.

  27. 27
    Roger Moore says:

    @Jim, Foolish Literalist:
    That isn’t an argument; it’s just contradiction.

  28. 28
    Chet says:

    @Walker: work said that “may” not be necessary, but not a bad idea anyway. I don’t think apps you authorize through google (even the legitimate ones) see your password.

  29. 29
    Olivia says:

    I got it this morning from the address of a friend I have been sending and receiving several items from. I clicked on it like an idiot and it was blocked by Google. Normally, I check the headers in emails but since she and I had been mailing back and forth, I didn’t.

  30. 30
    smintheus says:

    @dmsilev: It must be the edu version; they forced all new faculty and all students to use it starting several years ago.

    @Roger Moore: I don’t see how they can justify permitting an email vendor to read faculty email when we frequently discuss confidential things protected by law, like students’ grades/performance.

  31. 31
    Gvg says:

    I think I got this warning too but the last month have seen so many warnings of phishing and other threats that I am up to 2 or 3 a day and they all seem so similar. We are getting busy at the University and really I just don’t open much. I had noticed the pace of threats has really gone up.
    I have also been getting more robocalls on my personal cell the last 2 years and it’s annoying. I am still on the do not call list but I survived cancer and have multiple doctors offices that call with reminders from many different numbers. The vets office also calls out on different numbers, so I answer then hang up. I have wondered if the calls were disguised and actually coming from out of the US because I just don’t do business with that many companies. What I here before hang up is also badly targeted and not of interest to me.

  32. 32
    bago says:

    Things that are always true for 200, Alex.

    If you don’t know what a hexeditor is, don’t open files from strangers.

    They’re like candy, people.

Comments are closed.