May Security Notice

May Security Notice

Security Notice: Google Docs

Google Apps (Docs)

Greetings All,

This month’s topic is less than 48 hours old and still creating a buzz in the world of Information Security. Google’s G-Suite formally known as Google Apps has been exploited by a phishing attack aimed at google users that have OAUTH2 accounts.

The attack appears as an e-mail where a user receives a shared document from a familiar name possibly one from your contact list. Once you click on this link, you will be redirected to the OATUH2 service on accounts.google.com (which is the real purpose behind this attacked), then asking for authentication and/or your password.

Google has already released a patch that prevents attacks of this kind to be created again but a large number of users were already sent e-mails so please be on the lookout.

Professional Advice

Please continue to use caution when opening e-mails even from trusted contacts as the threat above and many others are disguised as a “trusted contact”.

Just Right Technology’s 3 rules for safe internet use include Read, Identify, and Examine:

  1. Read: To often users only read the subject and not the where the message came from. Always read both and realize that email providers like Google continue to provide new ways to stay safe. For instance, you can hover over a sender’s name to view their profile card and ensure the email address matches up with the contact’s name.
  2. Identify: Now that you have read the email message before opening it, you can identify whether the message is valid or not. Google’s standard inbox view displays parts of the actual message before you open it. You should be able to identify if parts of this message are in line with messages from this contact and if it’s save to open.
  3. Examine: Let’s assume after reading and identifying the message, it is safe but upon opening the email you realize that it is spam or a harmful message. Fortunately, a large percentage of internet and web attacks require the user to take action by clicking a link or submitting information. There is still time to click on the “Mark as Spam” button or simply make a note of the instance and delete it.

Your Security Is Our Priority

We take security seriously at Just Right Technology. When we receive security vulnerability reports and/or valid articles and resources directly from clients like in this case, we work as quickly as possible to investigate the risk and determine the best course of action. Not just for our clients, but business community as large.

Thank You

Just Right Technology