Re: [RBW] Re: DON'T OPEN GOOGLE DOC

2017-05-04 Thread Braxton Colagross
The bad guys spoof 2FA prompts and steal those codes the same way as 
passwords. This example is especially tough to catch because they're 
displaying a legit Google.com OAuth login for an app called "Google Docs" 
that isn't Google Docs. This is also an old trick. The new one simply uses 
an OAuth token so no password (or 2FA) is required. 

On Wednesday, May 3, 2017 at 1:29:41 PM UTC-7, Tim Butterfield wrote:
>
> If you don't have 2 factor authentication on your google related accounts, 
> you can add that here:
> https://www.google.com/landing/2step/
>
> Tim
>
> On Wed, May 3, 2017 at 1:15 PM, Chris Birkenmaier wrote:
>
>> I was going to PM you to see if you were sending me something.  Glad I 
>> didn't touch it.  thanks for the heads up
>>
>>
>> On Wednesday, May 3, 2017 at 3:40:19 PM UTC-4, Joe Bernard wrote:
>>>
>>> There's a massive phishing operation going on. If you see something from 
>>> me or any other list member requesting to open a Google Doc, don't touch it!
>>
>>

-- 
You received this message because you are subscribed to the Google Groups "RBW 
Owners Bunch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to rbw-owners-bunch+unsubscr...@googlegroups.com.
To post to this group, send email to rbw-owners-bunch@googlegroups.com.
Visit this group at https://groups.google.com/group/rbw-owners-bunch.
For more options, visit https://groups.google.com/d/optout.
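
Added example (not part of the original thread): a sketch of the audit a defender can run over OAuth grants to catch the pattern described above, a third-party app carrying a first-party name such as "Google Docs" and holding mail or contacts scopes. The record fields, client IDs and users are constructed for illustration; only the scope URLs are real Google scopes.

```python
import unicodedata

# Names only the provider's own apps should carry (assumed list).
FIRST_PARTY_NAMES = {"google docs", "google drive", "gmail"}
# Client IDs already verified as genuine (constructed placeholder).
TRUSTED_CLIENT_IDS = {"first-party-docs.example"}
# Google OAuth scopes for full Gmail access and contacts access.
HIGH_RISK_SCOPES = {"https://mail.google.com/",
                    "https://www.googleapis.com/auth/contacts"}

def normalize(name):
    """Fold case, compatibility forms and whitespace before comparing names."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())

def audit_grant(grant):
    """Return the findings for one grant record (hypothetical record layout)."""
    findings = []
    trusted = grant["client_id"] in TRUSTED_CLIENT_IDS
    if normalize(grant["display_name"]) in FIRST_PARTY_NAMES and not trusted:
        findings.append("impersonates-first-party-name")
    risky = HIGH_RISK_SCOPES.intersection(grant["scopes"])
    if risky and not trusted:
        findings.append("high-risk-scopes:" + ",".join(sorted(risky)))
    return findings

def audit(grants):
    """Map user -> [(client_id, findings)] for grants that should be reviewed."""
    flagged = {}
    for g in grants:
        findings = audit_grant(g)
        if findings:
            flagged.setdefault(g["user"], []).append((g["client_id"], findings))
    return flagged

# Constructed sample grants (not real client IDs or users).
SAMPLE_GRANTS = [
    {"user": "alice@example.org", "client_id": "first-party-docs.example",
     "display_name": "Google Docs",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"user": "bob@example.org", "client_id": "unknown-1234.example",
     "display_name": "Google  DOCS",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts"]},
    {"user": "carol@example.org", "client_id": "calendar-helper.example",
     "display_name": "Calendar Helper",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
]

if __name__ == "__main__":
    for user, items in audit(SAMPLE_GRANTS).items():
        print(user, items)
```

A flagged grant is revoked at the token level; changing the password or enabling 2FA does not invalidate an OAuth token that has already been issued.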


Re: [RBW] Re: DON'T OPEN GOOGLE DOC

2017-05-03 Thread Joe Bernard
Jeff, I tried Manage Apps. Google Docs is not listed as an app I use. 



Re: [RBW] Re: DON'T OPEN GOOGLE DOC

2017-05-03 Thread Tim Butterfield
It's a very good idea to never open the unexpected attachment without
validation first.  For reference, the Docusign phish emails I received
yesterday look like this in Gmail:

Header:
[image: Inline image 3]

Body of email:
[image: Inline image 1]



On Wed, May 3, 2017 at 3:30 PM, Lee Legrand wrote:

> I never opened the doc because it looks so suspicious.  Why would you send
> me a document and I hardly know you and it is not listed as part of any
> group.  That's why I never opened it.
>
> On Wed, May 3, 2017 at 6:14 PM, Joe Bernard wrote:
>
>> That's a good idea, Patrick. Thanks!


Re: [RBW] Re: DON'T OPEN GOOGLE DOC

2017-05-03 Thread Tim Butterfield
There are tradeoffs with password storage approaches.  1Password lets you
store them locally instead of in the cloud on a server controlled by
someone else.  LastPass stores them in the cloud, but the browser
extensions validate the URL before recognizing the site for filling in the
login page fields.

Keep in mind that some URLs look valid, but are not.  Refer to this article
for more information on Unicode phishing.
https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/

Tim

On Wed, May 3, 2017 at 3:10 PM, Deacon Patrick wrote:

> As a start, you may want to change your Google password. I use 1Password,
> which makes managing unique passwords ridiculously simple. Passwords look
> like this, even for one off sites I register with for whatever reason: 
> xfrNemjHZWnAdFU3qUzQWXDN
> (not actually a password to anything, just showing an example).
>
> With abandon,
> Patrick
>
>
> On Wednesday, May 3, 2017 at 4:07:53 PM UTC-6, Joe Bernard wrote:
>>
>> Leah: I never figured out a fix, I assume it finally stopped bouncing to
>> every damn person I've ever emailed. It's very upsetting.


Re: [RBW] Re: DON'T OPEN GOOGLE DOC

2017-05-03 Thread Lee Legrand
I never opened the doc because it looks so suspicious.  Why would you send
me a document and I hardly know you and it is not listed as part of any
group.  That's why I never opened it.

On Wed, May 3, 2017 at 6:14 PM, Joe Bernard wrote:

> That's a good idea, Patrick. Thanks!


Re: [RBW] Re: DON'T OPEN GOOGLE DOC

2017-05-03 Thread Jeff Lesperance
Joe - you likely need to take further action - you can read more about the
mechanics of this phishing attack here:

https://www.theverge.com/2017/5/3/15534768/google-docs-phishing-attack-share-this-document-with-you-spam

Where details about removing access to the offending app are detailed as
follows:

If you’ve clicked the link, your account may have already sent spam
messages to the people in your address book. But you can revoke future
access through Google’s “Connected Apps and Sites” page, where it
will appear as “Google Docs.”
[image: Google Docs phishing access]



On Wed, May 3, 2017 at 6:07 PM, Joe Bernard wrote:

> Leah: I never figured out a fix, I assume it finally stopped bouncing to
> every damn person I've ever emailed. It's very upsetting.


Re: [RBW] Re: DON'T OPEN GOOGLE DOC

2017-05-03 Thread Tim Butterfield
If you don't have 2 factor authentication on your google related accounts,
you can add that here:
https://www.google.com/landing/2step/

Tim

On Wed, May 3, 2017 at 1:15 PM, Chris Birkenmaier wrote:

> I was going to PM you to see if you were sending me something.  Glad I
> didn't touch it.  thanks for the heads up
>
>
> On Wednesday, May 3, 2017 at 3:40:19 PM UTC-4, Joe Bernard wrote:
>>
>> There's a massive phishing operation going on. If you see something from
>> me or any other list member requesting to open a Google Doc, don't touch it!
>
>
