...
If you are ever suspicious of an email, it is better that you NOT click on any links or follow any instructions in the email. Contact the person or department the email is reportedly from via a different means, such as by phone. If you are concerned about the security of your password, navigate to the page in question yourself - not by following any links in the email - and change your password. As long as you have not clicked on any links or downloaded any attachments within a suspicious email, you can safely delete the message. (If you did follow a link or provide any sensitive information, go ahead and change your passwords. Consider running a virus scan. And depending on the scam, you may feel that some of the steps recommended in this USA Today article or this Google Support article are warranted.)
...
Someone shared a Google Doc with you...
| Expand | ||
|---|---|---|
| ||
Try calling them to check. How can we recognize phishing attacks?Although making the time to check details can seem impossible, try to take a minute to notice a few things.
Viewing a file that is shared with you should not prompt you to approve additional access. Always pay close attention to WHO is asking for WHAT access, and consider carefully whether they need it or not (this is true of the apps you install on your phone, as well!). |
Have You Been Phished?
There are a few things you should do if you think you've been phished.
- Change your password.
- Consider enabling multifactor authentication on your account (if you haven't already done so).
- Google offers a multifactor option at https://myaccount.google.com/security
- Drew offers Duo Security at drew.edu/duo
- Google offers a multifactor option at https://myaccount.google.com/security
- For a Google phish, check the following:
- In Gmail > Settings > Accounts and Import, look at "Check mail from other accounts" and "Grant access to your account".
- In Gmail > Settings > Filters and Blocked Addresses, look for any filters you do not recognize.
- In Gmail > Settings > Forwarding and POP/IMAP, check for any forwarding addresses.
- Visit https://myaccount.google.com/permissions to see what apps are connected to your Google account. Remove any you do not recognize (or no longer use).
- Visit https://myaccount.google.com/secureaccount to run a security check-up on your Google account.
Additional Examples, Resources and Information
- Please visit this article for additional examples and tips for recognizing phishing emails: https://www.bettercloud.com/monitor/c-suite-phishing-attack-examples/
- This Gizmodo article does a nice job of summarizing new phishing tactics (posted 3/20/2019): https://gizmodo.com/how-phishing-scams-are-evolving-and-how-not-to-get-caug-1832618224
- This article from How-To Geek tells you what you should and should not do with a phishing email: https://www.howtogeek.com/437513/what-should-you-do-if-you-receive-a-phishing-email/
- Password Safety Guidelines
- Best Practices For Keeping Your Computer Healthy
- StaySafeOnline.org article on Spam & Phishing
- SANS Cyber Security Awareness OUCH! Newsletter Archives