Emails with links to fake/malicious online documents

Hackers often use phishing emails with links to either fake or real online document storage sites (Google Docs, Dropbox, Box, etc.) to spread malware.  I've often seen this happen after someone's email is hacked and everyone in their contacts list receives this type of phishing attempt.  Some emails even say you have received a "secure document" from a sender you are familiar with.  Sometimes they are obvious, such as links that go to random websites rather than Google, Dropbox, etc., but sometimes the phishing attempts link to the real Google Docs, Dropbox, etc.  Some of the emails even have Google and Dropbox logos to make them appear legitimate, so it can be difficult to tell legitimate emails from malicious phishing attempts.  I received one of these types of emails from the management company I had been going back and forth with regarding an issue with a home we were renting from them.  I have experience with these types of phishing emails, but since I had been emailing the management company back and forth, I let my guard down and clicked on the link in the email.

Here are a few steps you can follow to protect yourself from these types of phishing emails:

  • Contact the person sending the email via a different means, such as by phone, to confirm they meant to send the document/email.  Replying via email is not a good method, because their email could have been hacked and the hacker could still have control and simply reply back saying it was legitimate.
  • Even if you are expecting a document from someone, hover over the link (without clicking the link) to see if the link (or URL) points to some random unrelated website.  For example, if it says it is on Dropbox, it shouldn't go to randommaliciouswebsite[.]com.  Be careful though, there are times where the links will actually go to Google Docs, Dropbox, Box, etc., so even if the link goes to a legitimate website, use caution and follow the procedures outlined in this post.
  • Look at the To and From fields closely.  If it is sent to an undisclosed list, sent to the sender with you blind courtesy copied, or sent to a bunch of people who seem to have no connection, it is a definite warning sign and I wouldn't click the link.  I would, again, contact the person via a different means, such as phone, to confirm the legitimacy of the email.
  • If you have been waiting for a document and it has been a day or two before you get the link, ask the sender, via a different method as explained previously, to resend the email or link to the document.
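
The To/From and link checks in the list above can also be run automatically over a saved message.  The following Python script is an added example, not part of the original post; the function names, the service-to-domain table and the sample message are assumptions made for illustration.

```python
import email
import email.policy
import re
from email.utils import getaddresses
from urllib.parse import urlparse

# Service name -> domains its links should use (illustrative, not exhaustive).
BRAND_DOMAINS = {"dropbox": ("dropbox.com",), "google": ("google.com",), "box": ("box.com",)}
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def addresses(msg, *headers):
    """Lower-cased addresses from the named headers, skipping empty groups."""
    values = [v for h in headers for v in msg.get_all(h, [])]
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def warning_signs(raw_message, my_address):
    """Return the warning signs found in one message delivered to my_address."""
    msg = email.message_from_string(raw_message, policy=email.policy.default)
    sender, visible = addresses(msg, "From"), addresses(msg, "To", "Cc")
    signs = []
    if not visible:
        signs.append("undisclosed recipients")
    elif my_address.lower() not in visible:
        signs.append("you were blind copied")
    if visible and visible <= sender:
        signs.append("sent to the sender's own address")
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    for href, text in LINK_RE.findall(body):
        host = (urlparse(href).hostname or "").lower()
        for brand, domains in BRAND_DOMAINS.items():
            named = re.search(rf"\b{brand}\b", text, re.I)
            on_brand = any(host == d or host.endswith("." + d) for d in domains)
            if named and not on_brand:
                signs.append(f"link says {brand} but goes to {host}")
    return signs

# Constructed sample message; all names and addresses are made up.
SAMPLE = """\
From: Property Manager <manager@mgmt.example>
To: manager@mgmt.example
Subject: Secure document
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>You have received a secure document.</p>
<a href="http://files.unrelated-site.example/view">Open in Dropbox</a>
"""

if __name__ == "__main__":
    for sign in warning_signs(SAMPLE, "tenant@home.example"):
        print("WARNING:", sign)
```

An empty result only means none of these particular signs were found.  A link that really does go to Google Docs or Dropbox passes the link check, so the other steps in this post still apply.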

In the phishing email I had from my management company, there were several warning signs.  It was sent to the person at the management company and I was blind courtesy copied.  That should have been all the clue I needed, but I missed it.  Second, I wasn't expecting a document from her.  Both of those warning signs should have tipped me off, but again I let my guard down.  It's obvious her email was compromised.

Here are screenshots of phishing emails pretending to link to Google Docs.  They have Google logos, but the links go to totally unrelated websites.