A scam has picked up in Australia, and that’s bad news for anyone who thinks someone they know might be sending them an important document.
Your inbox wakes up with a message, an alert from a friend that you have received an “important eDocument”, and it even has the date in the subject line.
‘It must be important,’ you think to yourself, ‘it says important and today’s date.’
So you click the link expecting an important document from today to come online. But that’s not what happens, and even though you should be logged in already to your Google account, up pops a system asking you to login again.
What do you do?
In this case, you’ll want to check the domain at the top of the webpage and see if it’s a scam, because in this case, it most certainly is, as a Google Docs “eDocument” scam makes itself known around the web.
Someone sent one to GadgetGuy this week, and we’re reporting it to you, highlighting how you can pick up on this scam, and how to avoid other ones like it.
A picture of the initial email is in the picture above, and while it might look semi-official (though also not really), the link you’re supposed to click on doesn’t come from Google, which you can see if you click on it, directing the user to a URL shortener and then through to a website without Google in the title.
In general, you shouldn’t click on these links, but if you do, pay attention to the domain it comes from, because while it is possible to come up with a fake clone, most of the scammers out there aren’t even bothering with something quite so complicated, and are assuming people won’t check.
For this case, the URL we’re taken to is “buyppcheck.com”, a domain we’ve never heard of which obviously isn’t Google.
Not helping this is the pixelated image of the Google Drive webpage, with a little window on top waiting for you to fill in your email provider.
But people caught by this scam wouldn’t likely have noticed the URL up top, nor would they have noticed the request for a supposed Google webpage to let them login with a Yahoo, Outlook, or even AOL account, something Google isn’t likely to do.
Instead, people who are caught by this sort of scam may have entered their details in the first place, an action which not only leaves your email and password open to theft, but also will perpetuate this scam, allowing it to be sent to other users.
“Phishing continues to be the first attack of choice for many cyber criminals, but with awareness of the latest tactics and the right tools you can reduce your chance of being scammed,” said AVG’s Michael McKinnon. “With the large number of Google users also, this type of attack is very popular and appears to spread from previously infected accounts holders.”
“It can be challenging when it comes to verifying the authenticity of an email or instant message,” he said, adding “especially if the sender’s email or social media account has been hacked. But there are some simple sanity checks you might like to consider.”
According to McKinnon, these tips include contacting the person who purportedly sent the email to begin with to find out if it is indeed real. If you can’t get in contact with them, try searching some of the email on the web, copying a bit of the text or subject line into Google to see if it could be real, or if the email lines up with what other scams are being perpetrated.
And if you’re at all confused or can’t work out the authenticity, there’s the possibility of clicking the link itself.
“It’s worth emphasising that knowing if a link is truly “bad” before you click isn’t a perfect science, and even security professionals can’t tell until they visit it,” said McKinnon. “For example, it could be a link to a perfectly legitimate website that just today has been compromised.”
AVG has a video on this which we’ve embedded above to help people learn what a good link looks like, but it needs to be said that these sorts of scams aren’t new, and while it might seem like an awful thing to do, scammers are not going to stop for the one simple reason: it works.
People fall for this all the time, and in our hurried lives, we don’t stop to think that the website we may be logging into might not be the real deal, especially if we’re checking the email from a mobile, when the resulting tiny view of the webpage on our smartphones and tablets can look even more authentic just because the screen size — and browser size — is that much smaller.
The next time you do click on a link, make sure to check if it’s the real deal before entering your info, because the last thing you’d want to happen would be to reset every detail in your life just because someone wants to steal your account and make your life — and a whole bunch of others — a living hell.
