Post Content

 

dej7zss9d9hsj3ymhpjr05cju6k4z6mThe unusual worm that landed in the mailboxes of Google’s Gmail users last week was a sophisticated identity phishing scam that quickly spread to various other contacts. Scammers were able to get users to open a malicious link using one the oldest tricks in the scamming playbook: sending it through an email from an existing contact. The email, which was very authentic looking, appeared to be a GoogleDocs link that your trusted contact wanted to share with the recipient.

Google acted quickly, deactivating the fake accounts and warning users via social media, still the malware spread quickly. Users who opened the link authorized a legit-looking app called “Google Docs” to manage your emails. The app, which isn’t associated with Google, gave scammers access to Gmail accounts. The link was then emailed to contacts. But what’s worse is that scammers could now potentially access anything linked to that account, giving them the opportunity to gather personal information, reset passwords, or take over Facebook or online bank accounts.

Tips for Gmail users:

  • Look at the email address of the sender. Many scam-savvy users opened the address field and discovered the email was sent from an account ending in malinator.com. That’s a sure sign it’s a fake.
  • Sign-up for two-factor verification.
  • Take the time to change your Google password.
  • Google recommends that users do the Google Security Checkup. This will allow you to check your settings and activity, as well as show you the apps you have approved. If you downloaded the fake app, be sure to delete it immediately.
  • Activate spam filters. They are designed to detect and block emails sent from abnormal or faulty addresses. If you see that an apparently important message has been filtered as spam, check it carefully to ensure it is not from a spoof email address.
  • When in doubt, ask the sender if they emailed a link. If they didn’t, delete it and report it to Google.

Google also maintains a list of common scams related to their business. Read about them here.

If you have additional questions, contact the Office of Consumer Affairs and Business Regulation by calling our Consumer Hotline at (617) 973-8787, or toll-free in MA at (888) 283-3757, Monday through Friday, from 9 am-4:30 pm. Follow the Office on Facebook and Twitter, @Mass_Consumer. The Baker-Polito Administration’s Office of Consumer Affairs and Business Regulation along with its five agencies work together to achieve two goals: to protect and empower consumers through advocacy and education, and to ensure a fair playing field for all Massachusetts businesses. The Office also oversees the state’s Lemon Laws, data breach reporting, Home Improvement Contractor Program and the state’s Do Not Call Registry.

Written By:

Recent Posts

Scam Alert: Charitable Giving Fraud posted on Nov 23

Scam Alert: Charitable Giving Fraud

The holiday season brings out the best in people, and that often means making charitable donations.  While we get into the gift giving spirit this month, scammers are finding new ways to take advantage of your generosity through charity scams. This year Massachusetts joined the   …Continue Reading Scam Alert: Charitable Giving Fraud

Halloween Safety Tips posted on Oct 31

Halloween Safety Tips

Summer quickly faded to Fall with bright color leaves changing and crisp weather rolling in.  These changes also mean that it’s spooky season, a time for costumes and delicious treats.  Halloween is one of the most anticipated nights this month and staying safe is very   …Continue Reading Halloween Safety Tips

UMass Memorial Health Data Breach posted on Oct 29

UMass Memorial Health Data Breach

A data breach is the unauthorized acquisition of personal information that creates a substantial risk of identity theft or fraud. The Massachusetts Data Breach Notification Law mandates that all data breaches involving Massachusetts residents be reported to the Office of Consumer Affairs and Business Regulation   …Continue Reading UMass Memorial Health Data Breach