Vancouver, BC – Despite the fact your local BBB does double duty raising public awareness about scams, even it gets targeted once in a while. While it’s not a new scam, the Google Drive and Drop Box email continues to make the rounds. “My BBB email account is the latest to get hit by this and we just want to send a warning to the public that this is still happening,” says Evan Kelly, Senior Communications Advisor with BBB serving Mainland BC.
“The email comes in from someone you know. The one I received was from another BBB in the southern U.S. and it looks legit. The user even gets a polite email response when inquiring about the safety of the message. When you try and open the file by inputting email and password, that’s when they get a hold of your contacts within your inbox. Many organizations share google documents among staff members so the scam it feels quite natural.”
How it works:
You receive an email notice that someone shared a Google Doc with you, and you can access it by clicking on a link. If you click through, you are taken to an exact copy of the Google log-in page.
The look-alike log-in form prompts you to enter your Google username and password. The data is sent to the scammer’s server, but you are redirected to a real Google Doc. This means you are probably unaware anything even happened!
The scammers are using an actual Google Drive account to host the scam file, which lends a legitimizing Google.com URL to their con. Inputting your email and password into the fake form gives the crooks access to your Google Drive, Gmail and any personal information stored within.
Tips for protecting your Google account:
• Look for a phishing alert. Gmail automatically displays warnings on messages they suspect are phishing attacks. Always look for these warnings at the top of your email.
• Know when you are logged in. If you are already logged into Gmail to check your email, you won’t need to log-in again to view a Google Drive document.
• Report it: Help Google identify suspicious emails by reporting them. On an email message, click the down arrow next to “reply” and select “report phishing.”
• Turn on two-step verification. If you fear your account has been compromised or you are worried about security, you can sign up for additional security for your Google account. Logging in will then require both a username/password and entering a code sent to your cell phone.
• If your account may have been compromised. Be sure to review this security checklist to make sure scammers aren’t accessing your email. Topics covered include checking past log-in locations and making sure auto- forwarding isn’t activated.
• Change your password often. Hackers using this email scam get a hold of your password, changing it should prevent them from accessing again.
