Information Security Advisory: Attack through Google Docs Request (Now Mitigated)

Attack through Google Docs (Now Mitigated)

Early today, RIT users were targeted in a phishing attack that masquerades as a document request on Google Docs. The link provided in the email messages are to the legitimate Google login system. Google has now blocked this particular attack from occurring.

Here's one of the variants below. You'll note that it very closely resembles the read Google docs notification email.

How do I know this is a phishing attempt?

  • The days of looking at an email and knowing immediately that it's a phishing attempt are over. The sender address and the logo may have look authentic. Pay attention to what the email is asking you to do, or if it has an unexpected attachment.
  • Be wary of unsolicited attachments and documents. If you are not expecting an attachment or document, confirm with the sender prior to opening. 
  • Phish use a common technique of trying to impart a sense of urgency and trying ti get you to supply the requested information quickly.

What is RIT doing to protect me?

  • RIT blocks most phishing/malware attacks from reaching RIT e-mail accounts
  • myMail.rit.edu has not been compromised
  • McAfee VirusScan (McAfee HIPS) with up-to-date virus definitions will protect against viruses and many other threats that may be associated with phishing emails. (Antivirus software is available free to RIT students, faculty, and staff for home use from http://www.rit.edu/its/services/security/).
  • MySpam ill block many of these phishing emails. However, senders actively modify messages to avoid spam traps like Ironport, and that allows a few to slip through.

What can I do to protect myself?

  • Revoke access to Google Docs immediately. The real Google Docs doesn't need access. (https://myaccount.google.com/permissions)
  • View your sent email and check for any spam emails
  • Inform whoever sent you the phishing email about this advisory, and let them know their account may have been compromised.

RID RIT of the phishing attempt

  • Report the phishing attempt to spam@rit.edu and infosec@rit.edu
  • Inspect your computer if you clicked on the link by running a virus scan. (Change your password if you provided it.)
  • Delete the phishing attempt

For more Information

  • For more information about detecting Phishing, please visit the RIT Information Security Phishing Page.

 

Remember: RIT will NEVER ask for your password through e-mail.

Quick InfoSec Tip: Many of us use smartphones or tablets to check our RIT email. Although we can't hover our cursor over a link to see where the link goes, we can press on the link until we see the pop-up providing that information. We must be extremely cautious in clicking on links from our mobile devices.