While to some of us, a phishing scam may sound like tricking your friends into thinking you caught a big pike at the weekend (OK, I don’t fish either), it’s actually something much more sinister. Well, depending on how you feel about lying to your friends, and fishing.
Phishing is when hackers try and ‘phish’ for your important details (username, password, favourite One Direction band member – the usual) by pretending to be a trusted site. Sometimes these sites contain malware too, which is just a double dose of bad luck. The most recent scam making the rounds is for Google Docs and Google Drive. Apparently, it uses a google.com URL and Google’s SSL encryption, so it’s nigh-on impossible to tell that it’s a hack.
This phishing scam starts at the very beginning: with an email. The malicious message apparently pops up with the subject line “Documents” and directs you to a Google Docs link. If you’re not a Google Docs user of course, this is probably the first red flag. The link shows up in the address bar as a google.com domain and takes you to a fake login page that looks just like the real Google login page, making it extremely tricky to spot as a danger zone.
And how did they pull off this filthy feat? With worrying ease. “The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive’s preview feature to get a publicly accessible URL to include in their messages,” Symantec security expert Nick Johnston explained in a blog post. This raises a few more red flags about just how easy it is to corrupt a system as massive as this one.
To avoid this frustrating foul-play, there are a few things you can do. One, always be careful about links you receive via email. Alarm bells should be going apocalyptically crazy when you get an email from someone you don’t know; or even someone you do, as often your ‘bank’ will send you emails – and because you think you think you recognise them, you’ll give them details you wouldn’t normally share. Also, if you arrive at the Google login page it won’t recognise you as a Google user, and your picture and username won’t be shown as it usually would.
So, sometimes Firewalls and state-of-the-art tech solutions can help in situations like these. And sometimes, the only thing that’ll do it is to keep your wits about you, and not let the little scamps win!
If you’ve got any security concerns give us a call on 0208 045 4549 or speak to your account manager.