LOS ANGELES (CBSLA.com/AP) — Google is warning users to beware of a phishing scam spread by a fraudulent invitation to share a Google Doc.
According to online reports — in particular, a detailed user thread on Reddit — clicking on the share link was taking users to a site that asked permission for a fake app calling itself “Google Docs” to access their accounts.
If they agreed, the app would then send additional phishing emails to the users’ contacts.
Aled Miles, CEO of cyber security firm Telesign said journalists and people connected to big companies are big targets.
“Potentially as a journalist or anybody in a large company, you have a lot of contacts. So it helps the speed that this phishing attack can travel,” he said. “This degree of sophistication is very very clever.”
Google says it has disabled offending accounts, removed fake pages and updated its Safe Browsing feature, which issues warnings when users visit dangerous sites.
It encourages affected users to run its security check feature.
One telltale sign: The attack email appears to be directed to the address firstname.lastname@example.org, and only blind copied to the recipient.
Miles advised the best way to protect yourself is to use the 2-step verification feature.
“If somebody wants to access your account, there’s another step that they need to make get to your account.
(TM and © Copyright 2015 CBS Local Media, a division of CBS Radio Inc. and its relevant subsidiaries. CBS RADIO and EYE logo TM and copyright 2015 CBS Broadcasting Inc. Used under license. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed. The Associated Press contributed to this report.)