graphic of a computer with a cloud showing fields for username and password and a hook with text that says "phishing.".

Did You Fall for the Google Phishing Scam?

How to Avoid (and Recover!) from Internet Security Breaches

Last week, the internet was abuzz with news of a massive phishing attack that targeted over a billion Gmail users across the globe. The scam was simple – and classic so to speak. Users received an email asking them to check out a Google doc that was attached to the email. If you or your employees fell for it, you’re not alone. And that’s why it’s so important to have a cyber security strategy in place to protect your business.

But everyone knows not to click links from unsolicited emails, right? What made this one so convincing and dangerous for users?

Unique Characteristics of the Google Phishing Scam

  • Your Contacts. Unlike other phishing scams, the Google phishing scam appeared to come from a person in your contact list making it look like an email you’d normally receive from that contact.
  • Realistic-Looking Link. Unlike regular email scams with sketchy links, the link from this particular phishing scam looked very similar to how a Google Doc link would look.
  • Google’s Security Page. Accessing the link first led users to Google’s real security page, making them confident they’re opening a safe file.

Once you’ve given the fake application permission, the real problem begins. The malware would then access your contacts so it could send the same email to everyone in your list, spreading the phishing email like wildfire.

Another unique characteristic of the latest Google phishing scam is that you can’t just change your password in hopes of restoring the security of your account. The malware doesn’t work with passwords and multifactor authentications. Since you’ve already granted it permission, changing your password won’t prevent it from accessing your account.

Luckily, Google took action immediately, stopping the phishing email from further spreading. According to the tech giant, the phishing scam affected less than 0.1% of its users and the vulnerability only lasted for an hour.

With many companies using cloud services for their operation, a phishing scam could have severe effects on businesses. Unfortunately, not everyone is like Google. Without a highly trained tech team and a cyber security strategy, a phishing scam could decimate your business.

Signs You’ve Received a Phishing Email

The first – and most basic – step to protecting your business from internet security breaches is to teach your employees how to spot a phishing email.

Here are signs you’ve received a malicious email:

  • Deceptive Domain Name. Oftentimes, you are so familiar with the spelling of words you regularly encounter that you don’t really pay attention to them anymore. This is especially true for domain names. An email originating from go0gle.com could easily be mistaken as a message from google.com. Another example is having a known brand as part of the domain name. For instance, users may easily assume that google.com.phishing.com is related to google.com.
  • Cloaked Links. The displayed text and the hyperlink that comes with it doesn’t match. Most phishing emails would write out the complete URL that users need to click. However, google.com may not necessarily lead to that URL. A common mistake among users is not checking the destination of a link. You accomplish this by simply right clicking on the link itself.
  • Urgent Call-To-Action. Many phishing emails contain a time-sensitive call-to-action, convincing you to respond immediately. Otherwise, you lose an offer or face consequences for your inaction.
  • Initial Action Not Taken. Receiving a reply from your bank regarding a supposed request for a password change when you didn’t actually request anything should automatically make you suspicious. Another common phishing email is about winning a lottery, even if you didn’t buy one in the first place.
  • Personal Information Required. Inquiries about your personal information should always be handled with caution no matter how legitimate the email may seem.

Things to Do When Your Internet Security Has Been Breached

Now that you know how to spot a phishing scam, the next thing you need to think about is a cyber security strategy to prevent vulnerabilities and restore security when it has been breached.

  • Security Check. Once you suspect a data breach, implement a security check to find out how much of your network and files have been affected.
  • Isolate Networks. When you know which servers or folders the worm, virus, or malware has affected, isolate them so that it won’t affect other parts of your network.
  • Report Vulnerability. If you’re using a third-party service, contact your service provider immediately and let them know what happened.
  • Develop a Cyber Security Strategy. A breached network means the strategy you have isn’t working. It’s time to develop a new one that takes into account more complex security attacks like the recent Google Phishing email.

A cyber security strategy is an important investment for your business. Don’t leave anything up to chance. Consult experts!

To learn more about Internet security and protection for cloud services, get in touch with us today. We’ll help you protect your data so you can focus on your operations and business growth.