As we live more and more of our lives online, the threats from online criminals have become more and more dangerous. This is nothing new, but the attacks are becoming more sophisticated — and designed to use our own habits against us.
Eleven years ago, comic musician Weird Al Yankovic released a catchy tune called “Virus Alert,” which in his own humorous way, offered up a warning about the perils of opening e-mails from individuals you don’t know or with attachments you aren’t expecting. Today, it almost seems quaint, now that online criminals have become ever more sly with their methods.
Even before the advent of social media and cloud computing, computer users worldwide were served up a wide helping of computer viruses, and despite advances in technology, the danger remains high. All you need to do is look at last fall’s high-profile e-mail hack attack, which had a definite impact on voters and their decision at the ballot box.
Is this week’s Google Drive phishing attack along the same lines as allegations of Russian interference in the United States’ 2016 presidential election? In some ways, it pales; in others, it may easily eclipse what happened in the waning days of the campaign.
Phishing is the fraudulent practice of sending e-mails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. In the May 3 Google Drive situation, the attack seemed to focus at least locally on education e-mails and their servers. Teachers and administrators across the School District of Palm Beach County and other educational systems nationwide reported an influx of questionable e-mails indicating that “[Coworker name here] has shared a document on Google Docs with you.”
If you clicked the link, it asked for some access permissions to the individuals’ Gmail account (which actual Google Docs links would not need), and then spammed everyone in their contacts with a link to a Google Docs file. They, in turn, e-mail everyone in their contacts, and so on. All of them seemed to include the e-mail address “firstname.lastname@example.org.”
If, by chance, you received this e-mail and clicked on the link, here’s what you need to do, if you haven’t already done so: go to your Gmail account’s permissions settings at https://myaccount.google.com/permissions, and then remove permissions for “Google Docs,” the name of the phishing scam.
What’s of concern to area residents is that many teachers across the district have incorporated Google Drive into their daily lives, including accepting and sending assignments electronically to and from students on Google Drive accounts set up by the school district for student use. This is the world in which we live, where the technology we have at our fingertips now controls how we live and work, not the other way around.
As we noted in December, cybersecurity concerns are not new. In a survey of 24 federal agencies, the General Accounting Office found between 2006 and 2015, the number of cyberattacks climbed 1,300 percent — from 5,500 to more than 77,000 a year. This week’s attack was not an outlier. Nor is there any guarantee of absolute protection; even the best anti-virus programs can be overrun by intelligent creators of viruses and other cybercrime. All we can do is be aware of the dangers, keep our protections active and updated, and hope we don’t get caught in the trap. And just to be a bit safer, change your e-mail password. It can’t hurt.