Be careful if you receive a message like the following:
If you’re a regular user of Google Docs, Apple iCloud, Microsoft OneDrive/Office, or another sharing site, make sure the login screen looks familiar before you sign in. Look for a lock icon next to the web address. If you’re not sure about a link, contact the sender by phone or text message and make sure they’ve actually sent you the email.
Scams like this can really cost you. If you complete the sign-in process, you could be giving your account and password to a stranger, who can gain access to your account and mine your data for any other information they can get about you. They might send emails to your contacts, who could also be compromised. Because the emails come from someone you trust, they seem legitimate. And by designing a look-alike login screen, hackers fool people into giving their real credentials.
If you didn’t click the link or didn’t sign in, you’re OK. This isn’t a virus, so nothing is installed on your computer and no one can take over your computer. It’s a social engineering phenomenon.
Already clicked the link and entered your account and password? Close the window, open a new browser window and type the actual web address for your account (see help below). Change your account password immediately. If you use that account for email, you should also check your email settings on the webpage. The hackers may add a filter or rule that automatically deletes incoming messages or forwards them elsewhere so they can intercept them.
It’s a good idea to also change passwords at shopping and other sites where you used the same email address & password combination. Lists of email addresses and matching passwords are sold on the black market and used to break into accounts all over the internet – not just the original hacked account.
See help for changing passwords:
- Google – Gmail, Google Docs/Drive, Google Calendar, Google Play, YouTube
- Microsoft – Outlook, Office, Hotmail, OneDrive, Skype
- Apple – iCloud, iTunes, App Store, iMessages, FaceTime
- Yahoo – email, Flickr & Tumblr
Identifying a spoof site
We’ll use this fake Google Docs site as an example. Sadly, hackers are getting better at spoofing real sites so yours may look different.
On the fake sign-in page:
- Foreign web site, not a legitimate Google, Microsoft, or Apple web address. (.za is from South Africa.)
- Out-of-date branding, strange capitalization or misspelled words.
- If this were really a Google site, why would they give you the option to sign in with a competing provider?
- Don’t enter your email address & password here – you’re giving it to hackers.
On the real sign-in page:
- Look for the lock (secured connection) & valid website URL.
- Modern branding and familiar design.
- Your username & account picture may already be shown.
- Some browsers may automatically fill in the password you saved. This is OK – it won’t work with fake sites.
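The web address checks above, and the reason a saved password is not filled in on a fake site, both come down to comparing the exact host name in the link. The following JavaScript is an added example, not part of the original article, that applies that comparison to a link before you sign in; the list of trusted sign-in hosts and the sample links are assumptions constructed for illustration.

```javascript
// Added example: exact-host check like the one a password manager applies
// before autofilling. The allowlist is an illustrative assumption, not a
// complete list of provider sign-in hosts.
const TRUSTED_SIGNIN_HOSTS = new Set([
  "accounts.google.com",
  "login.live.com",
  "login.yahoo.com",
]);

function checkSignInUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return { ok: false, reason: "not a valid URL" };
  }
  // The lock icon corresponds to an https:// connection.
  if (url.protocol !== "https:") {
    return { ok: false, reason: "connection is not https" };
  }
  // "https://accounts.google.com@host/" really goes to "host".
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "URL hides the real host behind user@host" };
  }
  // The parser lowercases the host; drop a trailing dot before comparing.
  const host = url.hostname.replace(/\.$/, "");
  if (TRUSTED_SIGNIN_HOSTS.has(host)) {
    return { ok: true, reason: "host matches a trusted sign-in host" };
  }
  // A trusted name that is only part of a longer host is the look-alike pattern.
  for (const trusted of TRUSTED_SIGNIN_HOSTS) {
    if (host.includes(trusted)) {
      return { ok: false, reason: "look-alike: " + trusted + " is only part of " + host };
    }
  }
  return { ok: false, reason: "host " + host + " is not a trusted sign-in host" };
}

// Constructed sample links (reserved .example names, not real sites).
const SAMPLES = [
  "https://accounts.google.com/signin",
  "http://accounts.google.com/signin",
  "https://accounts.google.com.docs-share.example/signin",
  "https://accounts.google.com@docs-share.example/signin",
  "https://docs-share.example/google/signin",
];
for (const link of SAMPLES) {
  const result = checkSignInUrl(link);
  console.log((result.ok ? "OK   " : "STOP ") + link + " -> " + result.reason);
}
```

Only the first sample passes: the others fail on the missing secure connection, on a trusted name used as a prefix of another host, on the `user@host` trick, or on an unrelated host.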
Remember: This is not a virus and does not damage your computer. If you don’t enter your username & password on a fake site you can simply close the window and move on.