If you opened a Google Doc from someone today, you were probably part of a phishing attack that spread like wildfire across the Internet.
Good news, though: Google blocked the attack vector this afternoon. Here’s their official statement:
“We have taken action to protect users against an email impersonating Google Docs & have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail…” (source)
This attack is probably over. Though it raced through the Internet (and maybe your Google account), Google acted quickly to block it. At this time, there’s no known payload, other than the spam engine.
We got off easy this time.
What is “phishing”?
Simply put, it’s a cyber attack that tries to get you to click on a link you wouldn’t otherwise open.
The most common version of phishing is like what happened today: A hacker sends you an email disguised to look like it’s from someone you know, with a link they want you to open.
Being a good, trusting person, you click the link. And poof: That’s the end of your good day.
How to spot phishing
Phishing attacks are damn sneaky. The emails are designed to look legit. Sender addresses are spoofed.
So whaddya do?
First of all, be a little paranoid when you get an email with a link in it. Do you recognize the sender? Are you expecting an attachment from that person?
If not, don’t click the link.
Second, hover your mouse over any link in the email. A URL (internet address) will pop up after a second. Do you recognize the address? Does it make sense?
If not, don’t click the link.
Finally, trust your gut. If anything seems off with the message – say it with me, here – don’t click the link.
How to recover from being phished
Okay, so you got hooked and clicked the thing.
First off, don’t beat yourself up. It happens to all of us. Yes, even me.
Phishers are good. Really good.
First thing to do is scan your computer to make sure nothing bad got installed. The free home version of Malwarebytes is a good tool to use for this. Download it, install it, run it, and remove anything it finds.
Second thing to do, once you’re reasonably sure your computer is clean, is send a message to anyone who may have gotten an email from your account because of the infection, letting them know you got infected.
Yeah, it’s a little embarrassing, maybe, but it really helps the rest of us to have a little warning.
Finally, like with most things cyber-security-related, reliable backups are the ultimate fall-back position. If the Bad Things that happen to your computer are worse than just spamming your friends and family, you’re going to want an easy way to recover your data and get back to work.
Get some help
Have you been phished lately and want to clean up your computer? Or maybe you want to have good backups, but don’t know where to start.
I can help.
Contact me, and let’s talk.