Cybersecurity Blog

Alert – Fake Invitations to View a Google Doc – 05/03/17

 

There are two new phishing emails that are making the rounds with fake invitations to view  Google Docs.  They are both very clever and they are both sent from someone that is in your contact list. The first one is a bit easier to spot as it looks something like this:

The personal information has been blocked out to protect the user’s privacy.

 

For those of you who have received an Invitation to View a Google Doc before, it is easy to pick up what is amiss with this email.  However for those of you who haven’t, this is what a legitimate Invitation to View a Google Doc looks like.  When you click the Open in Docs button, the document is opened for you.

 

The second phishing email is more sophisticated in that it looks a lot like a legitimate Invitation to View a Google Doc.  The only thing missing  from the email is the name of the document. However if you click on the Open in Docs button instead of viewing the document, a dialog box appears asking you for permission to access your email. This is the tip off that something is awry. Google Docs does not need access to your email to function.

If you see a dialog box instead of a document when you click the Open in Docs button, DO NOT CLICK on anything. Disconnect your computer from the Internet and call the IT Service Desk.  If you want to learn more about this phishing campaign, check out the CBC article.

As these latest phishing campaigns show, criminals are getting more and more sophisticated in the development of their phishing emails.  It is getting harder and harder to determine what is a legitimate email and what is a scam. To avoid becoming a victim of cyber crime, verify the legitimacy of all unexpected emails containing links or attachments regardless of who they come from.