Title: Google Docs phishing message
Post by: Eclipse on May 04, 2017, 03:29:51 AM
Post by: Eclipse on May 04, 2017, 03:29:51 AM
Most of you have probably already seen this in the news, but in case you haven't,
and considering how many of us use GSuite to manage CAP Ops & activities these days:
http://techcrunch.com/2017/05/03/psa-this-google-doc-scam-is-spreading-fast-and-will-email-everyone-you-know/
"How do I know if I've been hit? How do I fix it?
Check your Google account's app permissions. There should not be an app called "Google Docs" there — actual
Google Docs has access to your account by default. If you see it listed there, remove it by tapping the label and hitting "Remove"
Apps Permissions: http://myaccount.google.com/u/0/permissions?pli=1&pageId=none
I got one of these this AM, from an...ahem..."less then technical" CAP member, but with a large real-world
related to downstate flooding running, and a multi-state eval this weekend, I'm getting doc shares
from people I haven't worked with before.
The tip-off was it asking for permissions Google Drive already has by default, but the average person
probably wouldn't know that.
If nothing else, it's as good an excuse as any to check what has access and trim the tree.
Don't forget, these permissions are "per-account" (I have something like 9), so check them all.
and considering how many of us use GSuite to manage CAP Ops & activities these days:
http://techcrunch.com/2017/05/03/psa-this-google-doc-scam-is-spreading-fast-and-will-email-everyone-you-know/
"How do I know if I've been hit? How do I fix it?
Check your Google account's app permissions. There should not be an app called "Google Docs" there — actual
Google Docs has access to your account by default. If you see it listed there, remove it by tapping the label and hitting "Remove"
Apps Permissions: http://myaccount.google.com/u/0/permissions?pli=1&pageId=none
I got one of these this AM, from an...ahem..."less then technical" CAP member, but with a large real-world
related to downstate flooding running, and a multi-state eval this weekend, I'm getting doc shares
from people I haven't worked with before.
The tip-off was it asking for permissions Google Drive already has by default, but the average person
probably wouldn't know that.
If nothing else, it's as good an excuse as any to check what has access and trim the tree.
Don't forget, these permissions are "per-account" (I have something like 9), so check them all.
Title: Re: Google Docs phishing message
Post by: SARDOC on May 04, 2017, 04:38:00 AM
Post by: SARDOC on May 04, 2017, 04:38:00 AM
Good tip. Thanks
Title: Re: Google Docs phishing message
Post by: vesryn on May 04, 2017, 07:26:20 PM
Post by: vesryn on May 04, 2017, 07:26:20 PM
Google has already fixed this issue. If you are affected, the virus may have reset or seen your passwords for all affected Google Applications.
Here is a good video describing the attack: https://www.youtube.com/watch?v=o6uNvBBWBJw (https://www.youtube.com/watch?v=o6uNvBBWBJw)
Here is a good video describing the attack: https://www.youtube.com/watch?v=o6uNvBBWBJw (https://www.youtube.com/watch?v=o6uNvBBWBJw)