How do they happen? Usually because we are so accustomed to interacting with email from people we know that clicking on a "Open in Docs" button from a colleague doesn't even faze us.
So what happened and what do you do...?
Today a rather sophisticated scam made it's way across the internet. It started with an email containing an "Open in Drive" button which lead to a genuine Google screen asking for permissions. Problem is, it wasn't Drive asking for permission. The scammer created an extension called "Google Docs" that asks for permission to interact with your email account.
It banks on muscle memory to work. We get an email from a colleague who shares files with us. We click it. A Google permissions screen appears. We accept. 'cause, it's Google...
Problem is, sometimes muscle memory over takes vigilance.
Google Drive (and all within - Docs, Slides, Sheets, etc) are core services so Google will never need to ask for account permission to access. The scammer's extension was meant to mimic Drive and lull the user into a sense of security. Google doesn't need permission for Drive, it's built in.
This Tech Crunch article has a good overview as well as an embedded animated GIF of the permission screen, including the developer information with a bizarre email.
Here is the GIF:
For my staffI made a quick flyer to help them differentiate between fraudulent and authentic Google Drive share emails. It's not foolproof but it's a start:
Remove anything that says "Google Docs"
For additional scam/phishing resources check out my previous posts on the matter:
- Email spam - sniffing out the bad, even from trusted sources
- Phishing, not the hook you're looking for
- Know your Twitter spam
Always good to follow accounts like @GoogleDocs and @GSuite on Twitter to get updated information.