LOS ANGELES - This week many folks found a suspicious e-mail in their inboxes. They were invited to look at a Google Doc with a link that was in fact a phishing exercise to tap into our digital identities.
Luckily, Google got wind of it quickly, and disabled many of the features that were designed to steal information from you.
The incident puts a spotlight on Google Docs and how we collaborate with the free, Internet-based word-processing tool. It could be better. Way better. And much of the onus is on us—we need to do a better job of explaining to our friends what the link is, and why it should be opened.
Remember, look for the blue logo
Sharing a document with others via Google Doc lets you select friends or colleagues, and they in turn get an e-mail saying that you have been invited to "edit the following document." Your recipients see the name of the document, and the familiar blue Google Docs logo. In the scam, they received something very similar.
Hackers are savvy individuals, but they usually get one or two details wrong. In the bogus e-mail, which was sent to over 1 million Gmail users, including this reporter, we were asked to "Open in Docs," but an official e-mail request would have put in the Google Docs blue logo, and the actual name of the file we're being invited to view.
But in both cases, the scam and the legitimate share, people get a form generated e-mail by a company that claims to be Google, under your name, and they have no idea whether it's real or not. Most folks don't even bother to put a message into their share e-mail.
—Google also offers the option to click to obtain a "shareable link," at the top of the screen. Try that instead of generating the Google e-mail. Copy the link, compose an e-mail and send it to your friends with a personal note, telling them what's in the link and why it should be opened. After all, we're never going to open an e-mail with just a link again, right folks? As Forrester Research analyst Fatemeh Khatibloo told us this week, "always be skeptical."
—Enable Google's two-factor authentication for your own protection against hackers. By having to sign in not once, but twice, the hackers will move on to lazier prey who use easy to crack passwords like 1-2-3-4-5-6 and "p-a-s-s-w-o-r-d." Google's two step process starts by signing in with your Google password. The second step is either a text message with a code, or if you prefer, you can also open up your Google app on your smartphone, and click "Yes," when prompted if you really want to sign in. Google also has an Authenticator app for signing in.
© 2017 USATODAY.COM