The malicious emails purport to come from a financial institution
Would you click on a link that allegedly points to a “secure document” sent to you by a financial organizations using Google Docs? You probably shouldn’t.That’s because cybercriminals are currently sending out such emails in an effort to trick users into handing over their login credentials.
The emails analyzed by Sophos experts are titled “Secure Document” and they read something like this:
A Secure Document was sent to you by your financial institute using Google Docs.
Follow the link below to visit Google Docs webpage to view your Document
Follow Here. The Document is said to be important.
The Gmail Team”
Users who click on the link are taken to a fake Google website that instructs them to log in to their email account. However, it doesn’t necessarily have to be Gmail. It can also be Outlook, Yahoo, AOL, Comcast, Verizon, or another email account.
This way, the cybercriminals can collect credentials for a wide range of accounts.
It’s important to beware of such phishing emails, even if you don’t have any important information stored in your email account. As Sophos’ Chester Wisniewski highlights, email accounts can often be leveraged to access more important online assets, such as banking accounts.