Email Scam - Fake Shared Google Docs

There is a particularly effective email scam that tricks you into sharing permanent access to your Google account -- including all or your email.  In this article, I will show you how to identify it and how to recover from it.

It starts with an email message like the one shown below.  It is a very convincing looking notification of a Google Doc being shared with you.  (Names redacted.)




If you click "Open in Docs", it will ask you to authorize access.



It looks innocent enough until you look closer, because it claims to be "Google Docs."  But anyone can be named Julius Caesar;  it doesn't make them a famous Roman emperor.  Likewise, this isn't really Google Docs.  To figure this out, click on the words "Google Docs" and you'll see that it is owned by a random gmail.com account and not google.com.


If you click "Allow," they will gain permanent access to your account, including all email and your list of contacts.  From there, they will send the same message to everyone in your address book.

So what do we do about it?

If you can spot the scam, then just close the "Google Docs would like to..." window.  You're lucky.  Lots of people are tricked by this.

If you were victimized, you need to do the following steps to kick the bad guys out of your account.  Until you do, they're still there.

First, click on your icon in the upper right corner of Gmail.



Then click on the big blue "My Account" button.

That will bring you to a page full of boxes of links.  Inside the "Sign-in & security" box, click on "Connected apps & sites".



From there, click on "Manage apps" near the middle of the page.



This will bring you to a list of apps and website that have access to your account.



Most are probably legitimate.  But if you see anything that you can't explain, just click on it to get more details.



You can see the date that you connected this app to your account under "Authorization date".  Use that as a guide.  If you just added the bad app, then it will have today's date.

If you want to remove something, click on the "REMOVE" button next to it.  If you can't find the button, you click on the item to make it visible.

It will double-check with you.  Click "OK" to continue.



When in doubt, remove something.  It is easy to reconnect apps to your account.

That is it.  Once you've kicked them out of your account, just keep an eye out for odd behavior. If someone shared a Google Doc with you, it won't ask you for access to your email.  So any Deny/Allow choices should raise suspicions.

Making New Passwords

Passwords.  We all use them.  Most of us hate them.  Making a password that is hard for anyone else to guess means making it hard to remember, right?  Not at all.  You just need a system.

Here are three systems (with examples) that you can consider.  They will make your life easier and safer at the same time.

Methods:

1. Sing.
2. No vowels.
3. Shuffle two words.

Method #1:  Sing

Pick a verse from a song that you know well.  Then take the first letter of each word, perhaps with some shorthand.

Example #1:  "One is the loneliest number that you'll ever do" becomes "oitlntyed" or even "1itl#tyed".  This is a really hard to guess, but its very easy for any Beatles fan to remember.


Example #2:  "Mary had a little lamb, who's fleece was white as snow" becomes "Mhallwfwwas".  If you want to make it harder to guess, add punctuation with "Mhall,wfwwas."  (Note that "." is part of the password.)



Method #2:  No Vowels

Pick a short phrase from a song, book, or other memorable source.  Take out all the vowels and capitalize the first letter of every word.  You could also replace the vowels with numbers.

Example #1:  "No such thing as a free lunch" becomes "NSchThngsFrLnch".

Example #2:  "Bottled water" becomes "BttldWtr" (for no vowels) or "B0ttl3dW4t3r" (for number substitutions.)

Hint:  Most vowels have a number that looks loosely like it.  "a" = "4", "e" = 3", "i" = "1", and "o" = "0".  For "u", you could use "\" and "/" together, or "^", or something that you pick.  Just be consistent, so that you can remember it later.  You can even choose to just leave out any "u".

Method #3:  Shuffle

Pick two words and interweave the letters.

This method takes a little practice, but its easy to reconstruct your password if you forget it.  As a bonus, you can effectively have the same password on lots of different websites while reducing the risks of password-reuse.

Example #1:  "milk" and "shake" become "msihlakke".

Example #2:  "water" and "exercise" become "weaxteerrcise".  You can also add some numbers to the sorter word to fill in the empty spots.  For example, "weaxteerrc1i2s3e".

Example #3:  Pick a word for your new, universal password system.  Then interleave it with the name of the site or service.  For example, if your word is "phone", then your Amazon.com password would be "pAhmoanzeon" and your eBay password would be "pehBoanye".

Passwords

Worried about your password?  Think you have a good one?  Either way, I recommend spending two minutes checking out the advise from security company ZoneAlarm.  It could save your bank account some day.

Warning: FaceBook Scams

Thanks to spam filters and common sense, most of us don't fall for scams, phishing, and worms in our email any more.  As a result, spammers and identity thieves have moved on to a new format:  FaceBook.  Actually, they're not picky.  They like Twitter, MySpace, and other social networking services, too.

If you see a post on any of those services, remember to review it like any email.  If it sounds too good to be true, it probably is.  For example, if a friend or even a famous person is telling you about a free offer for laptops, iPhones, or iPads, chances are good that someone broke into their account.


If you use FaceBook, I recommend taking a look at this article:  How To Prevent & Remove Facebook Malware or Virus.  They offer a lot of good advise about protecting yourself from becoming the victim of one of these scams.