Home » Publications » Insights » GOOGLE Docs Incident Provides a Real-Life Example of the Dangers of Phishing

GOOGLE Docs Incident Provides a Real-Life Example of the Dangers of Phishing

Published on: | by

May 3, 2017 was a bad day for Google as a major phishing attack spread like internet wildfire, targeting users of Google docs. However, as bad as it was for Google, it provided us with a real-life example of how the first line of defense to a cyber-attack is none other than you and me. People, not breached firewalls or lack of encryption, are often the cause of a major cyber incident, but with a little diligence, we can present a formidable front-line defense.

What occurred on May 3, 2017 has been described as a widespread phishing scheme through which people received an email, apparently originating from a trusted source, that asked the recipient to open a Google document that was embedded within the email. If the recipient of the email opened the Google document, they would have granted the sender access to the recipient’s email account and contacts. Once the Google document read the recipient’s contacts, it in turn sent more phishing attempts to the recipient’s contacts. The cycle repeated itself rapidly, and Google estimated that the attack spread so quickly that at the peak of the attack, Google’s customer base saw about 150 messages sent per minute. It was estimated that the attack may have affected at least one million people.

Phishing is a form of social engineering that involves sending emails that appear to come from a trusted source or someone the recipient knows in an effort to obtain the computer credentials of the recipient of the email, to hack in the recipient’s private accounts and obtain their personal information or to infect the recipient’s computer systems. It is a common method of cyber-attack today and one, as Google can attest, that can quickly cause widespread havoc.
So how does one prevent being the victim of a phishing scheme? You start with some education and a little common sense. Consider the following:

  1. Educate your employees and co-workers about phishing attacks. Make sure everyone you work with understands what one is and the dangers of what could happen if you are subjected to a phishing scam.
  2. Advise your employees and co-workers to take time and review incoming emails. In this digital age, most of us feel compelled to respond quickly to our friends, colleagues and perhaps most importantly our clients and customers. In light of the rise of the types and frequencies of cyber-attacks, it is becoming increasingly important to slow down.
  3. You simply cannot blindly trust an email that looks legitimate. You must carefully look it over to determine if it can be trusted.
  4. If you receive an unsolicited email from a trusted source containing a file, but you are not expecting a document or information to be provided by email, do not immediately open the email or click on any links or attachments. Contact the source of the email and ask what is in the file or confirm that they actually sent the message. It is better to be cautious than curious, and a phone call can save you from a lot of trouble.
  5. If you receive an email and do not know the source of the email, there is a good chance it is a phishing attack. In that situation, check with your IT professional before taking further action.
  6. Look closely at the email address of the sender, the “Subject” line and the content of the email for clues that the email is not legitimate. For example, does the email address of the sender end in “.con” as opposed to “.com”? Have numerals been used in place of letters, such as spelling the word “yellow” as “ye11ow”? In case you missed it, the first “yellow” was spelled with two lower case l’s while the second replaced the lower case l’s with the numeral “1”.

Taking these steps may slow you down a bit or may seem like overkill, but consider the alternative. And full disclosure, I received one of these emails on Wednesday that seemed to originate from an attorney I was dealing with on a matter. I came very close to clicking on the link myself until I noticed that the subject line contained the following string of letters: “hhhhhhhhhhhhhhh”. That looked odd to me, so before opening the embedded Google doc, I called the sender’s office and was told that they had not sent me the document. I immediately deleted the email, emptied my deleted items folder and alerted my IT staff.

by
Published on:
Updated:

Comments are closed.

Contact Information
Westfield - Main Office
53 Cardinal Dr
Westfield, NJ 07090
Tel: 908.233.6800Fax: 908.233.5078
Summit
469 Morris Ave
Summit, NJ 07901
Tel: 908.273.1212Fax: 908.273.8922
Red Bank
One River Centre, Building Two
331 Newman Springs Rd #225
Red Bank, NJ 07701
Tel: 732.741.7777Fax: 732.758.1879
New York
200 Liberty St 27th floor
New York, NY 10281
Tel: 212.742.3390Fax: 212.269.5016
Newtown
Silver Lake Executive Campus
41 University Dr #400
Newtown, PA 18940
Tel: 267.757.8716
Mailing Address
53 Cardinal Dr
P.O. Box 2369
Westfield, NJ 07091
We serve clients throughout New Jersey, New York, and Pennsylvania including: Union County including Westfield, Summit, Linden, and Cranford; Essex County including Newark and Livingston; Mercer County including Trenton; Middlesex County including Edison, Woodbridge, and New Brunswick; Monmouth County including Red Bank, Middletown, Eatontown, and Freehold; Morris County including Morristown and Parsippany-Troy Hills; and the cities of New York and Philadelphia. View More

Attorney Advertising

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please do not include any confidential or sensitive information in a contact form, text message, or voicemail. The contact form sends information by non-encrypted email, which is not secure. Submitting a contact form, sending a text message, making a phone call, or leaving a voicemail does not create an attorney-client relationship.

Copyright © 2016 – 2024, Lindabury, McCormick, Estabrook & Cooper, P.C.
JUSTIA Law Firm Website Design