Online collaboration tools have revolutionized how people work on and share documents such as articles, spreadsheets and presentations. While old workflows based on emailing files back and forth and working with multiple versions via track changes are still important, real-time revision has really come to the fore thanks to innovative platforms such as Microsoft Office 365, Google G Suite and Apple iWork.
By shifting user workloads to the cloud, this trio eliminates the need to store large collections of files on local hard drives while also ensuring that everyone is always looking at the most recent version of each document. Their intuitive design, straightforward scalability and easy integration with other applications have made them exceedingly popular: Office 365 alone is on track to have more than 100 million users this year, according to estimates based on Microsoft’s FY16 Q4 earnings report.
Since they are hosted off-site and heavily dependent on multi-user interaction, cloud-based collaboration suites are also vulnerable to specific cyber attacks that can cause substantial damage to user credentials and devices. A recent malware campaign affecting Google Docs demonstrates the risks here.
What’s the danger from the recent Google Docs scam?
In early May 2017, many Google Docs users opened their inboxes to see an invitation to view important documents. After clicking the link and logging into their Google accounts again, they were then asked to grant permissions to “Google Docs,” which was actually a malicious application with a deceptive name, designed to collect their passwords and other data.
“The scheme was particularly effective since it worked within Google’s authentication system.”
The scheme was particularly effective since it worked within Google’s authentication system, and it didn’t depend on the use of malware. Granting permissions to third-party apps is standard procedure when something is connected to your Google, Facebook or other internet account, so many people do not think twice about it.
The good news is that there are a few common-sense steps you can take to avoid falling victim to this scam and others:
1. Never click a link unless you’re sure where it leads
If you don’t recognize an email sender or the site or document you’re being directed to, don’t click through. If a link has been shortened (e.g., to a bit.ly address), use an online link expander to see where it really goes. With Google Docs or Microsoft Office 365, confirm with the collaborator if you are unsure about the veracity of a document you’re being asked to view.
2. Set up two-factor authentication
It is a good idea to require more than just a username and password when signing into an important account. An additional factor, such as a code displayed on a separate device, makes it harder for unauthorized users to access your data. It also lessens the impact of having a password stolen in a scam such as the most recent one on Google Docs. Multi-factor authentication can be easily enabled for Office 365, Google and Apple accounts.
3. Activate password alerts for Google Docs
Google offer a Password Alert service that lets you know whenever your Google password is entered on a non-Google domain. This way, you’ll know if your credentials are being put at risk from an elaborate fake, such as the one that hit Google Docs in May 2017.
Paying attention to the small details always pays off in identifying and avoiding potential issues with online collaboration tools. You can gain additional protections by using a platform such as Premium Internet Security and Anti-Virus from Total Defense to identify threats and protect your PC from harm.