Microsoft 365 Business Admin Guide: Securing and Managing Microsoft 365 Business Download Free E-Book →
Emergency? Urgent?
Please Call 763.593.3017 or 888.707.3017

Remote
Control

When you work with SUCCESS, you have the opportunity to share your computer screen, mouse and keyboard with one our help desk technicians. Using this technology, we can see what you see on your screen. We can diagnose and fix problems as if we were sitting at your desk. We can demonstrate tricks and tips to help you in the future. Of course, when we disconnect, we cannot get back unless you permit it.

To share your desktop, enter your session code and click Connect.

Customer
Support

Our Customer Support Portal provides a window into our internal service ticketing, invoicing and knowledge base systems. Using it, you'll be able to create, modify or close a support ticket (or just give us some instructions or information). You'll also be able to access pdf copies of each of your invoices and service statements, while also viewing statistics about your use of our services. What's more, each service ticket becomes a searchable knowledge base article, created only for the people within your organization.

You'll be given access to our Customer Support portal when you sign up for our Managed Services. Please contact us if you need help.

To access our Customer Support portal, click the launch button below.

Launch

Service
Request

Click the button below to send an email to our support team. To better serve you, please include the following information in your email:

  • First and Last name
  • Company name
  • A detailed description of your problem
  • Preferred way to be contacted
  • Best times to reach you
Email Support
3 Things We Can All Learn from the Google Docs Phishing Scam

3 Things We Can All Learn from the Google Docs Phishing Scam

By Chris VanAnda,
Senior Network Engineer SUCCESS Computer Consulting, Inc.

It was hard to miss the news about the Google Docs phishing scam last week. A hacker was able to gain full access to over a million Gmail accounts in under an hour without even needing the victims’ credentials. All they had to do was create a fake program they conveniently named “Google Docs”, send out an email to some people claiming they wanted to share a document with them, and hope the user clicked “Allow” to grant their malicious app access to their email and contacts. That’s either extremely impressive or extremely frightening, depending on how you look at it.

A example of the google login phishing scam

This was a relatively new type of attack known as “OAuth Phishing”, and many security experts agree this is the next big thing. OAuth is short for Open Authentication, and it’s the technology that allows apps to obtain access to online accounts without needing the user’s password once they have authorized it. For example, Facebook games uses OAuth to post statuses from other apps on your behalf.

A malicious application gaining access to your account via OAuth is extremely dangerous because it will have access to your account even if you change the password. The app will continue to have access to your account until you specifically revoke access to that app. Because the issue with Google Docs last week was so widespread, Google became aware of it quickly and had completely revoked the app’s access within a couple hours and there appears to have been no real damage caused.

However, this incident provides us all with some important lessons beyond current, well known precautions:

Don’t blindly click a link or open an attachment in an email—even if it’s from someone you know.
Were you expecting this person to send you a link to a document right now? If not, it never hurts to call them to confirm. Unfortunately, replying to the email asking them isn’t always foolproof either—if the hacker has control of the mailbox, they can reply back saying “Yes, I sent you that link, it’s safe to click on.” We have seen this happen in the real world.
If an application requests access to anything, stop and question why.
Hackers are now using the same legitimate applications their victims use to lull them into a false sense of security and trick them. In this case, the only fake thing was the app claiming to be “Google Drive”. Everything beyond that were actual Google logon screens. The victims essentially told Google “Yes, please do allow this malicious application full access to my email and contacts”. It’s easy to get complacent and approve requests out of habit. Take a moment to really think about what the application is requesting.
If asked to login to something, stop and question why.
Often times, phishing emails will present you with a fake login screen. It may look like Gmail or your bank, but it could be a fake site setup by the hacker to trick you into giving them your credentials. In this case, you were actually logging into Google, but everyone can now see how this can be equally as damaging.

Shockingly, 91% of successful data breaches start with a spear-phishing email. Adding OAuth Phishing to the mix will unfortunately make it even easier to trick users, so it’s more important than ever to remain vigilant. It’s best to keep these additional precautions in mind. If you are ever unsure, please ask SUCCESS or your IT department to review a message—much better to be safe than sorry.