Lindabury, McCormick, Estabrook & Cooper, P.C.: GOOGLE Docs Incident Provides a Real-Life Example of the Dangers of Phishing05/12/2017

By Eric B. Levine

May 3, 2017 was a bad day for Google as a major phishing attack spread like internet wildfire, targeting users of Google docs. However, as bad as it was for Google, it provided us with a real-life example of how the first line of defense to a cyber-attack is none other than you and me. People, not breached firewalls or lack of encryption, are often the cause of a major cyber incident, but with a little diligence, we can present a formidable front-line defense.

What occurred on May 3, 2017 has been described as a widespread phishing scheme through which people received an email, apparently originating from a trusted source, that asked the recipient to open a Google document that was embedded within the email. If the recipient of the email opened the Google document, they would have granted the sender access to the recipient’s email account and contacts. Once the Google document read the recipient’s contacts, it in turn sent more phishing attempts to the recipient’s contacts. The cycle repeated itself rapidly, and Google estimated that the attack spread so quickly that at the peak of the attack, Google’s customer base saw about 150 messages sent per minute. It was estimated that the attack may have affected at least one million people.

Phishing is a form of social engineering that involves sending emails that appear to come from a trusted source or someone the recipient knows in an effort to obtain the computer credentials of the recipient of the email, to hack in the recipient’s private accounts and obtain their personal information or to infect the recipient’s computer systems. It is a common method of cyber-attack today and one, as Google can attest, that can quickly cause widespread havoc.
So how does one prevent being the victim of a phishing scheme? You start with some education and a little common sense. Consider the following:

Educate your employees and co-workers about phishing attacks. Make sure everyone you work with understands what one is and the dangers of what could happen if you are subjected to a phishing scam.

Advise your employees and co-workers to take time and review incoming emails. In this digital age, most of us feel compelled to respond quickly to our friends, colleagues and perhaps most importantly our clients and customers. In light of the rise of the types and frequencies of cyber-attacks, it is becoming increasingly important to slow down.

You simply cannot blindly trust an email that looks legitimate. You must carefully look it over to determine if it can be trusted.

If you receive an unsolicited email from a trusted source containing a file, but you are not expecting a document or information to be provided by email, do not immediately open the email or click on any links or attachments. Contact the source of the email and ask what is in the file or confirm that they actually sent the message. It is better to be cautious than curious, and a phone call can save you from a lot of trouble.

If you receive an email and do not know the source of the email, there is a good chance it is a phishing attack. In that situation, check with your IT professional before taking further action.

Look closely at the email address of the sender, the “Subject” line and the content of the email for clues that the email is not legitimate. For example, does the email address of the sender end in “.con” as opposed to “.com”? Have numerals been used in place of letters, such as spelling the word “yellow” as “ye11ow”? In case you missed it, the first “yellow” was spelled with two lower case l’s while the second replaced the lower case l’s with the numeral “1”.

Taking these steps may slow you down a bit or may seem like overkill, but consider the alternative. And full disclosure, I received one of these emails on Wednesday that seemed to originate from an attorney I was dealing with on a matter. I came very close to clicking on the link myself until I noticed that the subject line contained the following string of letters: “hhhhhhhhhhhhhhh”. That looked odd to me, so before opening the embedded Google doc, I called the sender’s office and was told that they had not sent me the document. I immediately deleted the email, emptied my deleted items folder and alerted my IT staff.