Re: [RBW] Re: DON'T OPEN GOOGLE DOC

2017-05-04 Thread Braxton Colagross
The bad guys spoof 2FA prompts and steal those codes the same way as passwords. This example especially tough to catch because they're displaying a legit Google.com oauth login for an app called "Google Docs" that isn't Google Docs. This is also an old trick. The new one simply uses an oauth

Re: [RBW] Re: DON'T OPEN GOOGLE DOC

2017-05-03 Thread Joe Bernard
Jeff, I tried Manage Apps. Google Docs is not listed as an app I use. -- You received this message because you are subscribed to the Google Groups "RBW Owners Bunch" group. To unsubscribe from this group and stop receiving emails from it, send an email to

Re: [RBW] Re: DON'T OPEN GOOGLE DOC

2017-05-03 Thread Tim Butterfield
It's a very good idea to never open the unexpected attachment without validation first. For reference, the Docusign phish emails I received yesterday look like this in gmail: Header: [image: Inline image 3] Body of email: [image: Inline image 1] On Wed, May 3, 2017 at 3:30 PM, Lee Legrand

Re: [RBW] Re: DON'T OPEN GOOGLE DOC

2017-05-03 Thread Tim Butterfield
There are tradeoffs with password storage approaches. 1Password lets you store them locally instead of in the cloud on a server controlled by someone else. LastPass stores them in the cloud, but the browser extensions validate the URL before recognizing the site for filling in the login page

Re: [RBW] Re: DON'T OPEN GOOGLE DOC

2017-05-03 Thread Lee Legrand
I never opened the doc because it looks so suspicious. Why would you send me a document and I hardly know you and it is not listed as part of any group. Thats why I never opened it. On Wed, May 3, 2017 at 6:14 PM, Joe Bernard wrote: > That's a good idea, Patrick. Thanks!

Re: [RBW] Re: DON'T OPEN GOOGLE DOC

2017-05-03 Thread Jeff Lesperance
Joe - you likely need to take further action - you can read more about the mechanics of this phishing attack here: https://www.theverge.com/2017/5/3/15534768/google-docs-phishing-attack-share-this-document-with-you-spam Where details about removing access to the offending app are detailed as

Re: [RBW] Re: DON'T OPEN GOOGLE DOC

2017-05-03 Thread Tim Butterfield
If you don't have 2 factor authentication on your google related accounts, you can add that here: https://www.google.com/landing/2step/ Tim On Wed, May 3, 2017 at 1:15 PM, Chris Birkenmaier wrote: > I was going to PM you to see if you were sending me something. Glad I >