Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

GMail Google Docs Phishing Attempt

Status
Not open for further replies.

DrB0b

IS-IT--Management
May 19, 2011
1,431
US
Just wanting to spread the word on this subject and to make sure that our community was aware:
It is really interesting that they said this "worm" could somehow run and access your account even if you had two factor authentication active. I wasnt hit by this but our SPAM firewall did catch about 8 emails coming in from Gmail accounts that had been hacked. Our advertising dept is constantly getting high res images shared with them via Googel Docs so this was a bit of a concern for us. Seems like the G-Men have it all under wraps now but was fun for a second. I know this kind of seems like a general phishing scam, but for a company like ours that does rely on GDocs, it could have been much worse just by the simple nature of it.

Here is how they suggest to rid yourself of a "hacked" account:
Learning - A never ending quest for knowledge usually attained by being thrown in a situation and told to fix it NOW.
 
DrB0b said:
Our advertising dept is constantly getting high res images shared with them via Googel Docs so this was a bit of a concern for us

There is a very simple solution to ALL 'phishing' scams, and pretty much all possible fraud attempts.

Teach your staff all about scepticism and NOT to accept anything "on faith"

I realise this might be a problem in parts of the U.S.A. were so many are programmed to "Have Faith" from childhood and this gullibility is then exploited by 'marketers' and 'con artists' alike. But sceptical and critical thinking are good insulator from the "social engineering" that 'phishing' and 'virus' spreading relies on. So if everyone spent more than a fraction of a second thinking before simply clicking on an innocuous looking link or replying to the "Lottery Winner" who wants you to 'share' their winnings with "the poor and needy" in you[sup]sic[/sup] country, we would ALL benefit.



Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.

Never mind this jesus character, stars had to die for me to live.
 
I understand your side of thinking on this matter but as in this particular case, and why I even went to the trouble of making a post in the first place, was the exact nature of this phishing scam. It went to extremely great lengths to come off as legit and if anyone in our advertising dept was waiting on a link to some pics they could have very easily fallen prey to this. Not because they weren't cautious but because of the way it attacked. I cannot teach every user, especially the older less computer literate ones, how to check the header of every email that comes in so they are super vigilant. It is not practical. Its not like these are prince of nigeria emails. These are on a different level.

Learning - A never ending quest for knowledge usually attained by being thrown in a situation and told to fix it NOW.
 
One of our users got one of these emails earlier this morning. Said it looked very legitimate, but knew they weren't expecting anything, so they were certain to not click anything nor open anything, and just deleted it immediately.

Thankfully, folks here have had it pounded into their heads, the simplicity of never assume anything is safe. If not expecting something with an attachment or link, verify it's safe before doing anything with it.

And I don't know about this statement:
I realize this might be a problem in parts of the U.S.A. where so many are programmed to "Have Faith" from childhood and this gullibility is then exploited by 'marketers' and 'con artists' alike.

In any facet of life in USA, in general, people are NOT taught to "have faith" as a child. It's more common that parents teach their children to "not trust strangers" - that's the exact opposite. People have different "faiths", of course, but that's totally different than reading an email or dealing with people in general. If people follow what they are taught as children to not trust strangers, that alone would help some stop some of the phishing as well as social engineering.

'Course, you could be referencing the song that says, "but ya gotta faith... faith... faith... ooo you gotta have faith..." I forget who sang it or whatever, but my best remembrance is it was a 70s or 80s song. I know it'll pop up on various radio stations in stores and such at times. [smile]

I won't say there aren't MANY gullible individuals, though, regardless of what taught. But there is a saying that I've read in various spots, and at least once attributed to a stand-up comedian, I think that says, "you can't fix stupid." [bigglasses]

p.s. about the last quote: I'm not implying anyone who gets a virus is "stupid". Any person can have a moment where they simply act without thinking, especially in the digital realm.
p.p.s Thank God for the edit feature we now have at TT. I noticed multiple typos in my last post, including one from the previous quote I referenced. Maybe I should tell someone in management that I must be brain-tired today and should be sent home for the remainder of the day. [wink]


"But thanks be to God, which giveth us the victory through our Lord Jesus Christ." 1 Corinthians 15:57
 
I realise this might be a problem in parts of the U.S.A.
Gullibility doesn't follow international borders, nor does arrogance.
 
I was wondering if anyone was going to catch/comment on that little dig.

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top