Yesterday’s Google Docs email scam involving thousands of UCSC accounts and millions of people, was dangerously convincing and pretty sophisticated.
Instead of tricking someone to click on a link to give up their password or personal information, it instead tricked the person into granting permission to a third-party application who then had privileges to access their account, their contacts, password resets, and emails. What’s even scarier, once the person clicked on the link they were taken to a very real-looking (but fake) Google authentication page where permission was granted for the attacker to access the account.
By acting quickly, Google had the phishing attack under control in about an hour through a combination of actions. ITS also took action by purging the scam message from everyone's UCSC email inbox. Only Gmail contact information was accessed during the attack and Google's investigation shows that no other data was exposed.
This is an excellent reminder that no matter how legitimate an email appears, NEVER click on mystery links without first verifying the legitimacy of the message even if it appears to comes from Google Docs sharing. If something just doesn’t look right, DELETE IT.
Good Security Practice Reminders
Change your UCSC Blue and Gold passwords
On a regular basis, it’s a good idea to change your Blue and Gold passwords and set your security questions by going to the CruzID Manager website at cruzid.ucsc.edu. Instructions are available at: http://its.ucsc.edu/accounts/passwords.html
Don’t reuse your Blue and Gold passwords for other accounts or access, especially personal accounts.
Perform a Google Security Checkup
This checks your Google Account settings and activity to make sure that you've approved all of the apps and other content that can access your Google account. NOTE: When you run the check, in the "Check your recent security events" section, you may see daily "Changed password" listings. This might look alarming, but it's completely normal and part of the daily automatic updates generated by the system. If any of these password changes were made in a location you do not recognize you may need to take further action. To run the security check go to: https://myaccount.google.com/secureaccount
Turn on 2-Step Verification
It wouldn't have helped prevent the phishing attack, but having 2-step verification turned on makes it harder for someone to sign in to your account should your password ever be compromised. Here are instructions for turning on 2-step verification: https://support.google.com/accounts/answer/185839?hl=en
For more information about the Google Docs phishing scam, visit: https://www.wired.com/2017/05/dont-open-google-doc-unless-youre-positive-legit/
If you have questions or need help, please submit an IT Request ticket at http://itrequest.ucsc.edu, or contact the ITS Support Center by email help@ucsc.edu, telephone 459-HELP(4357).