In 2017 Google reported a phishing attack against its Gmail users. The attack arrived as an email inviting users to collaborate on a Google document that one of their contacts had supposedly shared. The problem is that this invitation actually led to a fake site that installed a worm able to read all your emails and the contacts from your calendar in order to continue spreading over the network. The problem could have been avoided if users had checked the email address from which the invitation was sent: they would have seen that there was no Google domain anywhere in it.
How to stay secure from the Google Docs phishing of 2017
Phishing occurs when an attacker sends an email or a link that looks innocent but is really malicious. These attacks are a common way in which users get infected with malware (programs that hide in your computer and can be used to control it remotely, steal information or spy on you).
Google Docs phishing 2017 in email
In an email of this type, the attacker must motivate you to open a link or an attachment that may contain malware. This can also happen through a chat. It is important to check the links that are sent to you by email or chat. The addresses in emails can be deceiving: in the message they can appear one way and say one thing, but if you hover the mouse over them to see where they actually lead, they can show another.
Google Docs phishing 2017 in a different way
Another trick is to send you a link that claims to lead to a file hosted on a service like Google Docs or Dropbox. If you follow the link you will see what appears to be the home screen of one of these services, and you will be encouraged to type your username and password. But the link may have led to a fake site with a replica login screen. Therefore, if you follow the link, check the address in your web browser before typing any password: it shows the actual address the page comes from. If it does not show the expected website, do not continue!
Remember that seeing the corporate logo of the website is not enough to confirm that it is real: anyone can copy a logo or design onto their own website to try to deceive you.
How does phishing work?
Imagine receiving an email from your Uncle Boris saying that it contains pictures of his children. As Boris really has kids and the mail seems to come from his address, you open it. When you do, there is a Word document attached which, when opened, causes a strange window to appear for a few seconds and then disappear. Now your screen shows a text document with illegible characters, or even pictures of Boris's children!
Uncle Boris did not send that mail, but someone who knows you have an Uncle Boris (and that he has children) did. The Word document you opened started the Word program, but took advantage of a software flaw to run its own code. In addition to showing you the text file, it has downloaded malware to your computer. This malware could make a copy of your data and record what the microphone and camera of your device hear and see. It's easy to fake emails so that they show false addresses. This means that checking the email address to confirm that the mail has actually been sent by who it appears to be from is not enough.
Other fraudulent attacks of this type are less direct: someone could send an email to hundreds or thousands of people claiming to have a viral video, an important document or a dispute over money, or to be from the support department for your computer. Sometimes, instead of installing software on your computer, those emails ask for personal information, financial details or passwords. Some of the recipients will be misled and hand over the sensitive information the message asks for.
How to help defend against Google Docs phishing 2017
The best way to protect yourself from these attacks is to never open any links or attachments that are sent to you by email, but this is impossible for most people. So how do we tell malicious attachments and links apart from those that are not?
Check emails with their senders
One way to determine if an email is a fraudulent attack is to check with the person who supposedly sent it through another medium. If the email was supposedly sent by your bank, you could call your bank, or open your browser and type the URL of your bank's website instead of opening a link in the mail. Similarly, instead of opening the attachment from your Uncle Boris, you could call him on the phone and ask if he actually sent you the pictures of his children.
Put files on your website or file sharing service
If you frequently send files to someone, such as a co-worker, consider sending them by a means that is more easily verified than an email attachment. Upload these files to a private server you both have access to, such as Google Drive, SpiderOak or Dropbox. If you normally share your files by uploading them to your web page or by placing them on a company server, the recipient will immediately view an email with an attachment as suspicious. Infiltrating and changing information on a server is (hopefully) more difficult than writing a fake email.
Open suspicious documents with an online document reader
Some people expect to receive attachments from unknown senders, for example journalists waiting for documents from their sources, or people who deal with the public on behalf of an organization. In these cases it is difficult to verify that the document or link you are about to open is not malicious.
For documents like these, try opening them with Google Docs, Etherpad, or some other online document reader. This can often mitigate some of the common attacks that are embedded in malicious documents.
If you are comfortable learning to use new software and are willing to spend a lot of time setting up a new environment to read emails or strange documents, there are dedicated operating systems designed to limit the effects of malware. Keep in mind that any file or link that you upload to a public web page like VirusTotal or Google Docs can be seen by anyone who works for the company, or possibly by anyone with access to that web page. If the information it contains is sensitive or secret, you should consider an alternative.
Be wise with instructions received by mail
Some fraudulent emails claim to be from a computer support department or a technology company and ask you to submit your passwords, give remote access to a "computer repair technician", disable some security settings on your device, or install a new program. They can give you a detailed explanation of why it is necessary, for example stating that your mailbox is full, or that your computer is malfunctioning or has been hacked. Unfortunately, the consequences of obeying these fraudulent instructions can be terrible for your safety. Be especially cautious before giving out any technical information or following technical instructions unless you are absolutely sure that the source is real.
Use Email Authentication
A more complicated but effective technique to prevent fraudulent mail is to use software that can help ensure that an email comes from who it says it does and has not been tampered with. If you sign an email using PGP, you are telling the recipient that the signed content can only come from someone who has your PGP private key, and that the content is therefore, as a rule, unlikely to be malicious. The disadvantage of this method is that both parties need to have PGP installed and know how to use it.
If you believe that an email or a link that you have been sent is suspicious, do not open it or click on it until you have checked the situation using the tips above and can be sure that it is not malicious.