Scam email alert! Beware!

BEWARE IF YOU RECEIVE AN EMAIL SAYING A FRIEND WANTS TO SHARE A DOCUMENT WITH YOU (or any other email that asks you to log into your Gmail or other email account)!

In the past few days, a multitude of iTandCoffee clients have been caught out by a Phishing email that looks quite convincing.  As a result they have given away their email address and password to those that sent the email!

The email that they received was from someone they knew, so looked like it could be legitimate.  It said that there is a document that the person wants to share with them, and includes a link to that document. Or it said that the person wished to share a message with them - just click the link!

For the case where the email supposedly had a document, the link took them to a screen like that shown below, showing that there is a PDF document to be downloaded and viewed.  It looked like screen from Google.

When they clicked the 'Download pdf' button, they were taken to a login screen that looks like that below.  It looked quick authentic, so they chose the Gmail option (as they had Gmail email addresses, which then asked them to log in to their Gmail account to view the attached document.

After entering these details, they either got a login screen asking them to log into their Gmail account or, if they were already logged in to their Google account, they were taken to Google Drive and shown their own set of documents (if they had any).

Unfortunately, as soon as they had entered their gmail address and password, they had given away these details to the seedy individuals who sent the email.  

A similar email takes the victim to a screen that appears to be an iCloud login screen.  This scam is very clever, as it looks at your email address and takes you to a different page depending on the type of email account you have!

This type of email is known as a 'Phishing' email.  

It's purpose is to get to to enter some confidential security information for an account (and perhaps other confidential information).  They can then access that account and use it to do various things - such as sent SPAM and Phishing emails to people in your address book.  These emails will look like they came from you and can result in others falling for the same scam.  

With access to your email account and password, they could also reset your password so that you can't access it, and arrange password resets for other accounts that use this email address.  They can also access all sorts of confidential information that be in your email account.

Of course, if the same email address and password has been used to set up other online accounts (eBay, PayPal, iCloud, iTunes, etc), the scammer can also gain easy access to these accounts.

What do you do when this happens?  

We'll shortly publish more articles about how to reset you email password and set up a feature called two-step authentication.  Keep an eye out for these articles on the iTandCoffee Blog.