You know who you are, and thanks to the Google Doc scam yesterday, so do all of your contacts. You clicked on that Google Docs email, didn’t you?
It’s okay. You can fix it, and forgiveness is just around the corner.
First a lesson: never click on a suspicious email, especially if it has an attachment or looks familiar yet a little bit off. This was a pretty sophisticated attack, and if you clicked on the doc, you probably gave the scammers permission to access contacts and your drive. Which can be a larger problem if you have your taxes or other personal docs stored in Google Drive and not protected.
So here are some steps to take, although even they are not perfect. You are your own best defense from hacker attacks, so be vigilant.
Turn on Multifactor Authentication
Almost every email system, banking system, or other secure app offers you the option for multi-factor authentication: use it.
In fact, if you do not have it activated on your accounts, go do it now. I’ll wait. All multifactor authentication means is if you sign in from an unfamiliar computer, you will either need to get a text message or an email to a backup account before you can get access.
Is this inconvenient? It can be. It is also very inconvenient to criminals who do not have access to your phone or the other email address and can save you from a serious security breach.
Go to your Google account. https://myaccount.google.com/permissions. Scroll down to Google Docs, and revoke access.
This denies the app access to your docs and contacts, things you gave it permission to view by clicking on the email you received. This won’t change what the hackers may already have seen, but it will keep them from getting any more information.
Change Your Password
Change your password now, and change it every quarter. Set up a calendar reminder, a phone alarm, something. But change your passwords often and make sure they are strong ones.
Lock Down Cloud Storage
You do know that you can secure documents, right? You can require a password to access them at all, or even limit copying and pasting and editing. This is easy to do with both PDF, Word, and other documents.
This is the security equivalent of locking your front door: an experienced burglar (or hacker in this case) can unlock your files or pick a lock. However, not locking down sensitive files is the same as leaving your door open. It’s like an invitation, and your identity and personal information become fair game.
If you get a phishing scam, report it to the company it supposedly came from, in this case, Google. The company and others use this information to fix problems and bugs. For instance, if you get a fake email that appears to be from PayPal or Microsoft, report it to them.
Don’t assume someone else will report it. The broader picture the company gets of the scam, the more quickly they can move to fix it.
If you did click on the doc, and thousands of your closest friends got hacked too, apologize. The best way is often with a bottle of fine whiskey.
In fact, I got emails from at least 20 of you yesterday. I am waiting. Email me if you need my mailing address to ship it to me.
Just don’t send your request in a Google Doc.
Also published on Medium.