The Google Docs phishing attack is being talked about all over the internet and on network news. Read the full story here. The good news is less than 0.1 percent of Gmail users were affected by the attack, and Goggle stopped the attack within one hour.
Of course, with over 1 billion Gmail users even 0.1 percent is a minimum of 1 million accounts, and you personally may have been a victim. If you accepted the invitation to edit a fake Google Doc, immediately access your Google account Permissions page and remove access for the Google Docs app.
The latest update on the story now questions whether or not the Google Docs attack was actually used for phishing, but regardless of the ultimate outcome, phishing is a real threat you should take seriously.
The Dangers of Phishing Attacks
Phishing attacks are commonly used by hackers to gain access to your account details including passwords, contacts, and financial information. In the Google Docs incident, only contact information was exposed, but you must still take protective action. These types of attacks often lead to larger fraudulent activities leading up to stealing your identity.
Protect Yourself from Phishing Scams
Take the following steps to help ensure your information remains safe:
- Make your login credentials more secure:
- Create unique login credentials for all your accounts. If you use the same credentials across multiple sites, you are vulnerable if hackers learn the password for just one site. Think of it as having a single key for your cars, home, storage units, and safe deposit box. It’s convenient until the wrong person gets a hold of the key and gains access to everything! Password reuse is rampant—54 percent of people use five or fewer passwords to protect all of their online accounts! It can be difficult to remember a unique password for each site; use a password management system to store your login credentials safely.
- Create passwords that are difficult to hack. Avoid using your name or business name, family or pet names, your own or your family member’s birthdays, and your favorite sports teams. Instead, choose random words and include numbers, symbols, and both upper and lower case letters. Your password management system can generate complex passwords for you and serve as your memory when you need to remember them later.
- Change passwords for medium to high-security sites every three to six months.
- Carefully consider your actions before sharing sensitive information with any person or entity or allowing them access to your electronic devices:
- Be suspicious of any strange requests (for bank information, passwords, etc.) over email even if they appear to come from someone you trust. When someone’s account has been hacked, scammers gain access to their contacts AND past messages. Hackers can send new messages or continue an existing message thread.
- Don’t trust hyperlinked text. Hover over linked text to see what the actual URL is before clicking on it.
- Be suspicious of attachments. Scams can include attachments that are embedded images linking to a phishing page.
- Beware of pop-ups. Don’t call the number listed on the computer virus pop-up warning. It’s most likely a cybercriminal trying to gain access to your computer. Further, never enter personal information into a pop-up—legitimate organizations will not request information this way.
- Consider whether the permissions requested by an app make sense. For instance, a flashlight app does not need access to your contacts. Review the permissions of all your apps and adjust accordingly.
- Protect your identity. ID Watchdog monitors and protects your identity by
- Using proprietary monitoring solutions to cover every angle of identity protection.
- Diligently scanning credit and identity transactions with the largest identity and credit monitoring network available.
- Doing whatever is necessary to restore your identity back to its original state if it’s ever compromised.