Falling for an email phishing scam at the office

Article

My front desk team sent me an email that indicated they shared a Google document with me. We share documents with each other all of the time. When the email signature appeared slightly different, my first thoughts were, “Shoot! This isn’t right. I bet we have been hacked!”

It was the typical manic Monday morning of opening up the inbox which had been stacking emails while we were away all weekend. That crushing feeling of an insurmountable workload had teamed up with some uncleared cobwebs and resulted in a diabolical email debacle. The short of it is we gave our Gmail login credentials to a hacker who used them to send a phishing email to our contacts.

More from Dr. Bazan: 10 reasons why my practice doesn't have a phone

Why did you open it?

My front desk team sent me an email that indicated they shared a Google document with me. We share documents with each other all of the time. When the email signature appeared slightly different, my first thoughts were, “Shoot! This isn’t right. I bet we have been hacked!”

Then my mind flashed to a couple of emails that had come in since Friday afternoon. The emails Friday were “Vital Information” and the best-selling follow-up “DO NOT OPEN EMAIL TITLED ‘VITAL INFORMATION’-IT IS A HACK.” My next thought was “That knucklehead Aaron probably just opened that email and just spammed our contacts!”

More from Dr. Bazan: HIPAA in the age of social media

I Gchatted with Aaron and found out he got the first email, and before seeing the second message opened the “shared” document. Why, man? Why?!? Why did you open that email!?!?!?! Those were my next thoughts. However, this was no ordinary email hack. Upon investigation, it was the most sophisticated phishing email I had ever seen. Here is why Aaron still has a job.

Next: Lookalike login fooled us

 

Lookalike login fooled us

We were working closely with a company to help resolve a problem we were having with its product. The email “Vital Information” was from a person we were working with at that company.

We are accustomed to using Gdocs, Dropbox, and other cloud-based apps when working on projects. The email itself was created in a way to mimic this normal task of logging on and viewing the document. It looked really really good.

Now here comes the mind-blowing sneaky and sophisticated part. When you click the link to view the document, it brings up a screen that is the exact login screen that we are accustomed to seeing. Nothing appeared out of the ordinary, the link seemed legit, and when what appeared to be the normal Google login screen appeared, Aaron simply entered the login information like he normally does.

However, in reality he had just given the hacker free reign over our Gmail account.

More technology: 5 ways to improve in-office purchasing

I was curious why the link didn’t set off the normal alarms. I typically will see a warning that the link is suspicious. However, this link looked so legit because the hacker was using a link that pointed to a Google URL for Gdocs! Wow! These criminals are so smart. Because the link really did point to a shared Gdoc, it passed the test, and no warning was given.

The link brought up the spoofed Gdoc login page. This was a first of its kind and a very clever way to pass through both current security measures and the “smell” test.

Aaron, you get a pass on this one. I understand why you were duped. We knew the sender, it’s not uncommon to share Gdocs with him, the link pointed to a Google URL, and the sign-in page looked normal. This truly was something that could have happened to even the shrewdest of email users.

Next: Taking back control of our account

 

Taking back control of our account

After the hacker had control of our Gmail account, he used our account to send a similar phishing email to everyone in our contact list.

I snapped into action. First order of business was to take back control of our account. Luckily, Aaron was still signed in to our Gmail account. If he had signed out or had been kicked out by the hacker, we would have had to begin the process of account recovery.

To regain control, I asked Aaron to access the account login details section, which is found at the bottom right of the inbox. Next, he signed out of all other web sessions, which should have booted out the hacker. Then, we immediately changed our account password. Finally, I researched how to handle a Gmail hack.

More from Dr. Bazan: How to respond to a bad online review

Fortunately (or unfortunately, depending on your point of view), such hacks are such a common occurrence that Google offers a step-by-step guide. I followed the steps listed and quickly discovered that the hacker had already changed some settings to suit his needs. In fewer than five minutes, I was able to regain control of our account and ensure that our settings were restored.

I immediately sent out warnings via social media (Facebook, Pinterest). Because our Gmail account wasn’t operational, I sent a blast out via Mail Chimp warning patients and others on our list that any recent mailings were not from us.

Victim even by the book

We fell victim to the most sophisticated phishing attack that I had ever seen. It passed the smell test, and we had our defenses up (as you should, too). A good anti-virus program, reliable firewall, virtual private network (VPN), and an anti-malware program are up and running. Our browser has protective extensions. We use only reputable torrent sites and work with credible users. We were doing things by the book.

So, if ever you find yourself in a similar position, I hope that this blueprint for recovery can help. Carry on, Aaron!

Recent Videos
Cecilia Koetting, OD, FAAO, DipABO, cited data from a recent student that found that presbyopia treatment with 0.4% pilocarpine led to up to 86% of patients achieving 20/40 or better.
Kerry Giedd, OD, MS, FAAO, was 1 of 20 investigators around the country for a study evaluating the daily disposable contact lens.
According to A. Paul Chous, MA, OD, FAAO, optometrists have an important opportunity to educate patients in their chairs about diabetes.
David Geffen, OD, FAAO, gave a poster presentation titled "Revolutionizing Comfort: Unveiling the Potential of Perfluorohexyloctane Eyedrops for Contact Lens Wearers" at this year's Academy meeting.
Jessica Steen, OD, FAAO, Dipl-ABO, discussed ophthalmic considerations for patients undergoing treatment with antibody drug conjugates for gynecologic cancers at this year's conference.
A. Paul Chous, MA, OD, FAAO, details a presentation on this year's updates on diabetes given at this year's Academy meeting
Sherrol Reynolds, OD, FAAO, said that multimodel imaging has been a game changer in assessing the choroidal function and structural changes in various disease conditions.
Susan Gromacki, OD, FAAO, FSLS, provides key takeaways from this year's American Academy of Optometry symposium genetics and the cornea.
Roya Attar gives an overview of her presentation, "Decoding the Retina: The Value of Genetic Testing In Inherited Disorders," presented with Mohammad Rafieetary, OD, FAAO, FORS, ABO, ABCMO.
Ian Ben Gaddie, OD, FAAO, outlines key findings from a recent study evaluating lotilaner in patients with Demodex blepharitis and meibomian gland dysfunction.
© 2024 MJH Life Sciences

All rights reserved.