Beware phishing scam affecting millions, including in Aroostook

8 years ago

A clever phishing scam is rampaging through the Internet, affecting millions across the web including some in The County. 

Students at Maine universities, local businesses and others are being alerted to beware of the malicious emails that appear to be coming from a friend or familiar contact inviting the user to click on a shared Google Doc.

The email, however, appears to be another phishing scam designed to steal personal information such as usernames, passwords and credit card or other account information, often for malicious reasons.

This scam has masked itself well enough to avoid traditional tell tale signs of a fraudulent email and gmail users who have recently received such emails, including those with “hhhhhhhhhhhhhhhh@mailinator.com” in the address, should not open them.

The spam email also latches on to the user’s contact list, replicating itself and sending out similar spam messages to everyone on the list asking them to view a shared Google Doc. The spam email deletes itself afterward, but cyber security experts believe only after grabbing a handful of data.

The University of Maine System’s Information Security group has warned users to avoid opening the email and recommended to those who fell victim to the scam to change their passwords immediately.

What makes this email so devious is that it appears to use a legitimate third-party Google application with the name “Google Docs” and requests access to the user’s account with the ability to get around two-step verification.

“Several students and staff have opened the document due to it looking like it came from a campus member,” said UMFK Administrative Specialist Vicki Daigle.

Over the past 24 hours, social media has lit up with users warning others and some admitting to falling prey to the scam.

Google officials announced on Twitter that they’ve addressed and are investigating the Google Docs scam and they are asking users who think they were affected to visit g.co/SecurityCheckup.
Phishing is the attempt to obtain sensitive information such as usernames, passwords and credit card details often for malicious reasons.