As reported by Scamicide, there is a new phishing scam riding on the back of Google Docs attachments. A phishing email is sent to unsuspecting victims that urges you to click on a Google Docs link. Clicking on the link will turn over your email account to the scammer which not only will give the hacker access to all of your emails, but also your contact list which will enable the hacker to contact your friends with emails that appear to come from you and will be used to lure your trusting friends into clicking on links that can download keystroke logging malware that can lead to identity theft or ransomware.
This is a particularly clever attack, which works immediately and offers a convincing level of authority, especially if it’s been sent from a colleague or friend. When the source is trusted, it adds to the validity, which in turn spirals the hack out of control.
To defend against this particular threat, users are urged to employ two factor authentication, in case they click on the link before it’s too late. This way, cyber criminals are not able to complete their scam as they would then need your mobile phone as well to carry out a complete account takeover.
To mitigate the risk of keylogging malware being installed on your device, strong antivirus software is always advised also.