By Amber Wang
Thousands of Google Doc users received an email—that looked like it came from a trusted source—inviting them to open a shared document this week. Instead, as most know, this was a phishing scheme sent via Google Doc. Google has reportedly shut this down.
But if you clicked on the email—as many did—here are five steps take right now:
Step 1: Find the actual email
Google wants people—without opening the email—to report it as phishing. Do this by clicking on the right hand corner of the email—again without opening it—where The Telegraph says a drop down menu will allow you to "report phishing."
Step 2: If you had already opened the email, now go to your account page on Google
Click on http://myaccount.google.com/permissions. This is where you can find the permissions and details of various apps you use.
If you got anything like this in your email this week, it's probably not legit.
Step 3: Find the "Google Doc" app
This may look real on the page, but Motherboard says that if it is the malicious app, it should have a fairly recent "Authorization Time."
Step 4: Remove the app—and others that don't look right
Click the remove button and voila! You should be all set. As BGR also says, take a look to see if there other apps that don't look familiar to you, or have access to more than you like. If you still feel unsafe, you can run a Google Security Checkup for additional verification.
However, just because you got rid of that pesky hack doesn't mean it won't happen in the future. Here are some more tips on how you can spot future suspicious schemes and "phish-y" emails.
That return email address? That's doesn't look like a real email address, or one that seems like a real person.
Step 5: Verify the email addresses
The email used in this attack—with a user name that was just a dozen or so "h"s—is probably not a legitimate address. Although most people never really check, they probably should since sites like Google and Facebook are always being hit with new hacks.
Also—and this may not jump out at first—but scam emails are usually formatted with a little less skill than legitimate ones. The phishing email's format was different from typical Google Doc email templates. The phishing email has a simple one liner that says "X has invited you to view the following document" followed by the standard "Open in Docs" button.
However, real email invites have a gray border and more graphics along with Google's logo. Also, the header should read "X has invited you to edit the following document." Be sure to check that the document has a name or comes with a message — if it doesn't and you weren't expecting it, the document could be a hack.
Step 6: Download software
There are dozens of anti-phishing extensions, firewalls, and antivirus software that can be downloaded to help protect against these attacks — most of them free. Anti-phishing toolbars will check websites as you visit them and compare them to an ever-growing list of known phishing websites while firewalls will protect your computer from attacks.
Step 7: Read the news
Educate yourself on how phishing works and what the new techniques are. Up-to-date tech websites and popular media outlets can provide you with this information. Even tips such as "Never give out personal information" and "Be wary of suspicious links" can go a long way.
Even though Google responded quickly on the same day the phishing happened, more than a million users were still affected so really, everyone is on their own in some way while dealing with these scams. Remember — anyone can be the subject of hacking so don't be embarrassed or discouraged. Instead, educate yourself on how phishing works and what you can do to prevent further attacks.
-Amber Wang is a writer and photographer who also loves binge watching Netflix shows. She last wrote for GearBrain about how to shoot with a 360-degree camera.