Yesterday, you may have received invitations in either your FIT or personal Gmail accounts to share a Google Drive document from a recognizable name at FIT, a mailing list you belong to, or a personal contact. This was a nationwide email phishing scam that lured readers into clicking an “Open in Docs” button. Individuals who clicked the link were redirected to a fake Google permission page, which granted the cyber criminals the ability to send out additional emails using their email address (FIT or personal).
Below is an example of a scam email (the sender’s name has been redacted). Note the multi “hhh” string in the “To” field; it is an indicator that the email is part of the scam.
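For mail administrators, the “To”-field indicator described above can be checked automatically over stored messages. The following is an added example, not part of the original notice; the function names, the threshold of six consecutive “h” characters, and the sample messages with their placeholder domains are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumption: a "multi hhh" string is treated as six or more consecutive "h"
# characters, so that short runs such as "shhh" are not flagged.
HHH_RUN = re.compile(r"h{6,}", re.IGNORECASE)

def suspicious_recipients(raw_message):
    """Return To-field addresses whose local part contains a long run of 'h'."""
    msg = message_from_string(raw_message)
    hits = []
    # getaddresses copes with display names and several recipients per header.
    for _name, addr in getaddresses(msg.get_all("To", [])):
        local_part = addr.rpartition("@")[0] or addr
        if HHH_RUN.search(local_part):
            hits.append(addr)
    return hits

def triage(messages):
    """Map Message-ID -> flagged To addresses, for messages that match."""
    flagged = {}
    for raw in messages:
        hits = suspicious_recipients(raw)
        if hits:
            msg_id = message_from_string(raw).get("Message-ID", "<no-id>")
            flagged[msg_id] = hits
    return flagged

# Constructed sample messages; example.edu and example.test are placeholders.
SAMPLE_SCAM = (
    "From: Redacted Sender <sender@example.edu>\n"
    "To: hhhhhhhhhhhhhhhh@example.test\n"
    "Message-ID: <scam-1@example.test>\n"
    "Subject: Shared document\n"
    "\n"
    "Open in Docs\n"
)
SAMPLE_LEGIT = (
    "From: Library <library@example.edu>\n"
    "To: Quiet Hours List <shhh-list@example.edu>, colleague@example.edu\n"
    "Message-ID: <legit-1@example.edu>\n"
    "Subject: Quiet hours reminder\n"
    "\n"
    "Please keep noise down after 9 pm.\n"
)

if __name__ == "__main__":
    print(triage([SAMPLE_SCAM, SAMPLE_LEGIT]))
```

A match is a reason to review the message, not proof on its own; the indicator applies to this particular campaign.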
What You Should Do
- If you have received one of these emails, do not click on the Open button in the body of the email. Instead, report it as phishing and simply delete the message.
- If You Clicked the Link:
  - Change the password on the affected email account. If it’s your FIT account, follow the instructions here. If you use the same password for any other accounts, please be sure to change those passwords too.
  - Navigate to your Google account permissions page through this link: https://myaccount.google.com/permissions
    Carefully select the app “Google Docs” (not Google Drive) by clicking on the app name and then clicking on the blue “Remove” button. Repeat this action with other Gmail accounts you may have. This process revokes the permissions to your email account(s) that the scam enabled.
This phishing attack was very widespread. Don’t feel embarrassed if you fell for it, but make sure you learn from it and change your passwords.
- Review the phishing tips from the Division of Information Technology.
- Finally, familiarize yourself with legitimate emails. A legitimate sharing request, shown below, includes the Google logo and other information.