Google Docs Phishing Scheme | Myki Security Report

Episode Two of the Myki Security Report is here!

Why is the TSA scanning your papers?

The TSA is starting to scan your papers at the airport! A passenger going through security at Kansas City International Airport was asked by the security officer to remove all paper products from his bag. That included everything from books to documents and even Post-It Notes. The passenger actually had to put them in a separate bin to be scanned separately. When he asked why he was being forced to remove the paper products from his carry-on bag, the agent told him that a pilot program that's being tested at that airport to begin rolling out nationwide.Yikes!

Your Smartphone is listening to you.

Researchers have found that some apps are continuously listening to inaudible, ultrasonic sounds from your surroundings and they know everything about you without your knowledge. What happens is your phone picks up what we call an ultrasonic audio beacon and feeds the data to a third party. Security researchers have found that more than 234 Apps on the Play store actually ask permissions to use your microphone to incorporate the ultrasonic beacon. The best way to reduce the chance of your smartphone listening for beacons is to simply restrict unnecessary permissions you have granted to the apps installed on your device.

To edit your permissions:
On Android Navigate to Settings → Apps → App Permissions and edit the privileges.

For iOS users: Go to Settings → Privacy → Microphone to see which apps have requested access to it, and which apps you have granted it to.

Google Docs Phishing Scheme

Do not click on a Google Docs link you've received in your email even if it's from someone you know. If you click on a phishing email, you will be redirected to a page which says,"Google Docs would like to read, send and delete emails, as well access to your contacts,” and ask you to "allow" access.

If you allow the access, the hackers would immediately get permission to manage your Gmail account with access to all your emails and contacts, without requiring your Gmail password. How? The "Google Docs" app that requests access to your account is fake and controlled by the attacker.

You should know that the real Google Docs invitation links do not require your permission to access your Gmail account. Google said that the last night's Google Docs phishing campaign affected "Fewer than 0.1% of Gmail users, which means nearly one million people were affected by it, handing over their email access to attackers."

If you didn't catch Episode 1 check it out now!

Subscribe to our YouTube Channel for more videos!

The Myki Security Report is brought to you by the Myki Password Manager Team. For more information visit: https://myki.co

Download the Myki Password Manager & Authenticator on Android and iPhone: https://myki.co/download