CERT mailing list archives
Google Docs Phishing Campaign
From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Thu, 04 May 2017 15:15:38 -0500
U.S. Department of Homeland Security US-CERT National Cyber Awareness System: Google Docs Phishing Campaign [ https://www.us-cert.gov/ncas/current-activity/2017/05/04/Google-Docs-Phishing-Campaign ] 05/04/2017 03:08 PM EDT Original release date: May 04, 2017 US-CERT is aware of a phishing campaign that affected Google Docs users. The campaign used spoofed email addresses to target users with emails purporting to share a document for collaboration. Once the targeted users accepted invitations, they were encouraged to allow the phishing program access to their email accounts. Google has taken action to protect users, including removing the fake Google Docs pages and disabling the offending accounts. US-CERT reminds users that they play a critical role in protecting their organizations and themselves from cyber threats. Users should: * Be careful when clicking directly on links in emails, even if the sender appears to be known; attempt to verify web addresses independently (e.g., contact your organization's helpdesk or search the Internet for the main website of the organization or topic mentioned in the email). * Exercise caution when opening email attachments. Be particularly wary of compressed or ZIP file attachments. * Immediately report any suspicious emails to your information technology (IT) helpdesk, security office, or email provider. Users of Google Docs are encouraged to review Google's statement [ https://twitter.com/googledocs/status/859878989250215937 ] and US-CERT's Tip on Avoiding Social Engineering and Phishing Attacks [ https://www.us-cert.gov/ncas/tips/ST04-014 ] for more information. You can report any suspected phishing emails to the anti-phishing group APWG [ http://www.antiphishing.org/report-phishing/ ]. ________________________________________________________________________ This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy & Use [ http://www.us-cert.gov/privacy/ ] policy. ________________________________________________________________________ A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () ncas us-cert gov to your address book. OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ http://www.us-cert.gov/related-resources ] STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Current thread:
- Google Docs Phishing Campaign US-CERT (May 04)