Several bookstore members have recently received e-mail communications that appear to be phishing attempts by potentially malicious parties to acquire sensitive information. Some of these e-mails have included falsified Google Doc invitations.
To help booksellers identify these fraudulent e-mails, here American Booksellers Association System Administrator Josh Harding offers some tips on what to look for in a true Google Doc as well as a link to further information about phishing scams.
Legitimate Google Doc share requests differ in several ways from the forged ones that have recently been circulating. Below are a few tips on what to look for in a legitimate document.
For example, Greg just shared a document with me:
When I hover my cursor over the “Open in Docs” link, the following shows up on the bottom left corner of my browser window:
Note that the domain is docs.google.com. This is where I’ll go if I click the link. Anything that doesn’t end in google.com should be an immediate red flag.
Here are a few more reasons the Google Doc invitation above looks legitimate:
- Greg’s Google profile picture is included. For folks without a profile picture, their first initial will show in its place.
- The “From” address is “Greg via Google (email@example.com).” Legitimate shares always come from Google, not from an individual’s e-mail address.
- There’s a note that matches the tone and grammar that I’m accustomed to seeing from Greg.
The Internet has plenty of bad actors, and they can be very clever. Caution should be used whenever you’re asked to open a link in an e-mail, but extra caution should be taken if you’re prompted for a username and password as a result of clicking a link in an e-mail.
Additionally, here is a primer on how to avoid phishing attacks and spoofed e-mails.
Questions about phishing scams can be addressed to Director of ABA Technology Greg Galloway.