RSS feed Get our RSS feed

News by Topic

BizReport : Internet : May 09, 2017

Expert: What the Google Docs/Phishing scandal revealed to brands

Last week, news broke that phishers could use Google Docs to obtain consumers' personal information - and that news has a lot of consumers avoiding the shared documents and with good reason. We checked in in Ivanti's CSO about the problem.

by Kristina Knight

Kristina: What is the impact you're seeing from the Google Docs/phishing scandal?

Phil Richards, CSO, Ivanti: Google has taken aggressive steps to neutralize this particular phish. The company said in a statement that it has "disabled offending accounts. We've removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again." But when it comes to phishing scams, the best defense is in the hands of the users. The bottom line: if you can recognize this as a scam and not click through, your personal information will not get compromised.

Kristina: What made this successful for phishers?

Phil: Scammers and phishers are successful when they craft an email message that is so compelling, so urgent, and looks legitimate, that you - the unsuspecting victim - feel compelled to click on it and follow the instructions. They can look like they come from Google Docs, your work administrator, HR department, CEO, friend, spouse, or child. Users need to train themselves to step back, evaluate the message and look for clues it might be a scam. When in doubt, contact the sending party and verify that the email is valid before they open it. If I can't validate the authenticity, my motto is when in doubt, throw it out.

Kristina: What tips can you offer for consumers in situations like this?

Phil: In today's world of email scams, phishing and compromised credentials, a healthy dose of skepticism might just save users a lot of grief down the road. Some general phishing tips to remember:

1. The internet is highly unlikely to give you money. Most get-rich quick schemes are more likely to compromise your personal information than provide any income.
2. Typically, real legal notices will not come through email
3. Real banks notices will not require you to change a password via email
4. Just because an email has a logo that you recognize doesn't mean the email comes from that company
5. Examine the sending email address and the URL links

Tags: advertising, ecommerce, Google Docs, Ivanti, phishing scam

Subscribe to BizReport



Copyright © 1999- BizReport. All rights reserved.
Republication or redistribution of BizReport content is expressly prohibited without the prior written consent.
BizReport shall not be liable for any errors in the content, or for any actions taken in reliance thereon.