[CyberSecurity] Beware Google phishing attacks!!

OneNet Security cybersecurity at lists.onenet.net
Thu May 4 08:28:40 CDT 2017 

PLEASE BE AWARE OF THIS PHISHING CAMPAIGN.


Here is how it works.

The email body states "[name] has invited you to view the following document:" and includes a link to "Open in Docs". The link opens to a legitimate Google login page.
*         Once the recipients enter their credentials or select an account, a permissions box for a fraudulent application hosted at hxxps://googledocs[.]g-docs[.]win requests access to the user's address book and email.
*         Once the victim clicks "Allow" this provides the attacker access to their email account and address book but not their calendar. The attacker can then send phishing emails to other targets from the compromised account.

So you see, if you  opened and clicked and then clicked Allow, these attacks could ensue under your name and you should change your google password immediately.

Thank you all so much for your good reports and staying smart and aware.



Barbara McCrary
Chief Information Security Officer
MCSE, MCSE:Security, +Messaging, CompTia:Security+
bmccrary at osrhe.edu<mailto:bmccrary at osrhe.edu>

Protecting data is a shared responsibility!

INSTALL antivirus and antispyware software.
USE strong passwords.
KNOW who you are dealing with online.
STORE confidential and sensitive data on encrypted devices only.
SHUT DOWN home computers or disconnect from the Internet when not in use.

Oklahoma State Regents for Higher Education
655 Research Parkway
Suite 200
Oklahoma City, OK  73104
405 225.9316 office
405 234.4321 cell
405 234.4588 fax

Note:  This communication and attachments, if any, are intended solely for the use of the addressee hereof.  In addition, this information and attachments, if any, may contain information that is confidential, privileged and exempt from disclosure under applicable law, including, but not limited to, the Privacy Act of 1974.  If you are not the intended recipient of this information, you are prohibited from reading, disclosing, reproducing, distributing, disseminating, or otherwise using this information.  If you have received this message in error, please promptly notify the sender and immediately, delete this communication from your system.


___________________________________________________

Chris Kosciuk
Information Security
Oklahoma State Regents for Higher Education / OneNet
655 Research Parkway
Suite 200
Oklahoma City, OK  73104
405 225.9440 office
ckosciuk at osrhe.edu<mailto:ckosciuk at osrhe.edu>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.onenet.net/pipermail/cybersecurity/attachments/20170504/907b6873/attachment.html>

More information about the CyberSecurity mailing list