Google Doc Users Hit By Massive Email Phishing Scam

May 4, 2017
Copyright 2018 NPR. To see more, visit http://www.npr.org/.

ROBERT SIEGEL, HOST:

Yesterday afternoon, an email went out to all NPR employees. It was marked with one of those red exclamation points to indicate that you'd better read it.

SOHAIL ANWAR, BYLINE: Subject - Google Docs phishing emails. A new phishing scam is circulating that includes a link to a malicious file shared via Google Docs. This email is a scam. Please delete or ignore this phishing message and notify the service desk if you have already clicked on the link inside. My name is Sohail Anwar. I'm the director of IT operations here at NPR.

KELLY MCEVERS, HOST:

This scam was happening all over the country, and people were falling for it because the email looked like it was from someone you know.

ANWAR: But when we looked at the to address, it was definitely fishy.

SIEGEL: The pun was not intended. If you received one of these emails, you were simply BCC'd - blind carbon copied. The address in the to field was...

ANWAR: Hhhhhhhhhhhhhh@mailinator.com.

MCEVERS: And unlike other scams, these hackers aren't asking for your bank passwords, but that doesn't mean they're not dangerous.

ANWAR: Our understanding is that this email invited you to open a shared document on Google Docs, and when you opened the document, it gave access to all the contacts in your Google email. And from then, they were able to replicate this same email to all those contacts.

SIEGEL: NPR reported that over 500 suspicious messages came in. So far, only three people have confessed to having clicked on the link.

PAM FESSLER, BYLINE: My name is Pam Fessler, and I am a correspondent on the national desk at NPR. I clicked it open and went up to the Google Docs page, but for some reason, I wasn't able to open it up. So I just kind of left it there. And then, of course, about a half hour later, I see this email from the IT department saying, beware of this phishing scam. And I said, oh, I did it. I could just kick myself.

MCEVERS: Pam, you are not alone.

FESSLER: Now, I should tell you that I got another one today, and I did not open it up. I just deleted it.

SIEGEL: To all the IT professionals working to keep us safe, thank you. And if you've received an email that looks fishy asking you to click on something, when in doubt, don't click.

MCEVERS: Google Docs tweeted in a statement saying they have disabled the offending accounts, and they offer a link for a security checkup if you think you were affected and they, quote, "encourage users to report phishing emails."

(SOUNDBITE OF THAO AND THE GET DOWN STAY DOWN SONG, "TROUBLE WAS FOR")