ITS Announcement: Follow up to Google Docs email scam

To: UC Santa Cruz Community

From: Lisa Bono, Information Technology Services

Yesterday’s Google Docs email scam involving thousands of UCSC accounts and millions of people, was dangerously convincing and pretty sophisticated.

Instead of tricking someone to click on a link to give up their password or personal information, it instead tricked the person into granting permission to a third-party application who then had privileges to access their account, their contacts, password resets, and emails. What’s even scarier, once the person clicked on the link they were taken to a very real-looking (but fake) Google authentication page where permission was granted for the attacker to access the account.

By acting quickly, Google had the phishing attack under control in about an hour through a combination of actions. ITS also took action by purging the scam message from everyone's UCSC email inbox. Only Gmail contact information was accessed during the attack and Google's investigation shows that no other data was exposed.

This is an excellent reminder that no matter how legitimate an email appears, NEVER click on mystery links without first verifying the legitimacy of the message even if it appears to comes from Google Docs sharing. If something just doesn’t look right, DELETE IT.

Good Security Practice Reminders

Change your UCSC Blue and Gold passwords

On a regular basis, it’s a good idea to change your Blue and Gold passwords and set your security questions by going to the CruzID Manager website at Instructions are available at:

Don’t reuse your Blue and Gold passwords for other accounts or access, especially personal accounts.

Perform a Google Security Checkup

This checks your Google Account settings and activity to make sure that you've approved all of the apps and other content that can access your Google account. NOTE: When you run the check, in the "Check your recent security events" section, you may see daily "Changed password" listings. This might look alarming, but it's completely normal and part of the daily automatic updates generated by the system. If any of these password changes were made in a location you do not recognize you may need to take further action. To run the security check go to:

Turn on 2-Step Verification

It wouldn't have helped prevent the phishing attack, but having 2-step verification turned on makes it harder for someone to sign in to your account should your password ever be compromised. Here are instructions for turning on 2-step verification:

For more information about the Google Docs phishing scam, visit:

If you have questions or need help, please submit an IT Request ticket at, or contact the ITS Support Center by email, telephone 459-HELP(4357).