vienna tech help banner August 1, 2015



Google Docs Scam

We want to alert you to a dangerous email scam that a few of our clients have been affected by. It's been around for a while, but has become more sophisticated, making us all more vulnerable to being taken in by it.

What is the "Google Docs Scam"?

The scammers' end game seems to be to gain access to banking and investment account info in your email, then hijack your email to request transfer of your money to their accounts.

How does the scam work?

a. You receive an email from a contact whose account has been hijacked.
b. It contains a link to a document it claims is of interest to you.
(For example, we've been told that a hacked Real Estate agent's emails might say, "Here's a contract for you to look at.")
c. The link takes you to a convincing-looking, but fake Google Docs login screen asking for your email address and password.
d. You input your password.
e. Once the hackers hit a jackpot they can immediately run a search of your email for account numbers; your financial adviser, accountant, or banker's contact information; and collect all your contacts' email addresses so they can attempt the same scam on them.

What to do if you get taken in by this scam?

1. Immediately change your email password.
2. Call anyone you correspond with who has access to your money. Alert them of the hack and tell them that requests for money transfer or printouts should be confirmed by calling you. Ask if your account numbers can be changed ASAP.
3. Change passwords to financial accounts.
4. Let your email contacts know your email was compromised.

Some ways to avoid being burned:

1. Don't input your email password anywhere except your true email login screen.
2. Don't put account numbers, passwords, etc. into emails.
3. Use Web of Trust to check out links emailed to you -- before clicking.
4. Gmail users use 2-part authentication. (Keeps devices that have not been authenticated from accessing your email.)
5. Gmail users check account My Account / Security Checkup to see if any devices beside your own have accessed your email.

Feel free to call or write with questions,
James, Jeff, and Erik