Something 'phishy': Why Irish organisations are a plum target for hackers

Human link still weakest cyber defence as more organisations fall victim to socially-engineered cyber fraud and phishing attacks.

It has emerged that UCC had €110,000 stolen from it by hackers in 2015.

The revelation follows on the heels of a major cyber attack on Trinity College Dublin in April in which up to €1m was reportedly scammed by thieves.

The Sunday Independent reported that UCC is currently under sustained attack by fraudsters with at least three attempted frauds per week.

It reported that in 2015 online criminals successfully penetrated its security network, laundering €110,000 to an offshore account after gaining access to the accounts payable department.

The revelations show just how vulnerable Irish institutions are to scams by sophisticated fraudsters.

After WannaCry devastated systems around the world, it is understood that a number of Irish businesses fell victim to the Petya attack last month.

Ransomware attacks are on the rise and usually block organisations from their systems in return for a ransom. In the case of WannaCry and Petya, the hackers appeared to be more interested in simply destroying systems.

But other more elaborate schemes simply find ways to manipulate users into making mistakes.

The weakest link? You

What is worrying is how managers in organisations are susceptible to social engineered attacks, for example.

In the case of Trinity College and the theft of up to €1m from the Trinity Foundation, the money was allegedly siphoned off by thieves who sent emails asking college officials to change bank account details for payees.

The Foundation was alerted by its bank to suspicious activity in its accounts and some of the funds were recovered.

It is isn’t just academic institutions that are prey to these sophisticated attacks.

In recent weeks Meath County Council confirmed that some €4.3m in funds that were the subject of cyber theft in October last year were safely returned to the Council’s bank account.

The money was frozen in a bank account in Hong Kong after Gardaí interrupted attempts to steal the money.

The council was the victim of what is known as “CEO fraud” in which large sums of money are transferred by criminals in foot of a bus instruction in the name of a company chief executive.

In the case of UCC, crime gangs successfully penetrated its network and laundered €110,000 to an offshore account.

It is understood that some €73,000 of the money was recovered by the university through its insurance policy.

The attack prompted the university to invest more than €100,000 on stronger firewall technology and software to identify fraudulent emails and malware.

The college still faces at least two to three attempted frauds per week.

The truth is any organisation big or small can fall victim to sophisticated social engineering attacks that often begin with a phishing attack whereby a user click on a link within an email or volunteers information.

No matter how much an organisation invests in its security, the weakest link will always be human.

The key is to educate and train staff in how to recognise suspicious emails and other communications and not fall victim.

The reason Irish organisations are a plum target for socially engineered cyber attacks is because they aren’t putting enough effort into training staff to be wary.

More needs to be done.

The price isn’t just financial, it is reputational.

How to avoid the Google Docs phishing attack and what to do if you fell for it

Google customers have been targeted with a scam that gave hackers access to the contents of emails, contact lists and online documents of victims.

The scam asked users to click on a link to a Google Doc that appeared to come from someone they knew.

On opening the link, Google’s login and permissions page asked users to grant the fake Docs app the ability to “read, send, delete and manage your email”, as well as “manage your contacts”.

The sophisticated scam, unlike more common attacks, worked through Google’s system. Most phishing scams seek to glean personal information from victims such as usernames, passwords, addresses and financial details by leading them to fake versions of real websites from an email.

Google has now shut down the attack. “We have taken action to protect users against an email impersonating Google Docs and have disabled offending accounts,” the company said. “We’ve removed fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing happening again.”

But it is possible that users could still have unread versions of the scam emails in their inboxes or that it could return in a different form. Here are some tell-tale features that give the scam away, ways to avoid similar attacks and what to do if you fell victim to the attack.

How to avoid the scam

First of all, users should be suspicious if they have been sent a link to a document that they weren’t expecting to receive. If in doubt, they are advised to send a separate message to the person the link purports to have come from and ask them if they sent it.

The scam emails also contain a give away in the recipients section, which shows they have been sent to “” with others BCC’d.

Another sign of the scam is the extensive permissions it asks for. Most applications, especially Google-run ones, will not ask for the ability to delete and send email addresses on a users’ behalf. Users should make sure they always read what is being requested before granting permission.

Google has asked customers who receive such an email to flag it to them by clicking the downward arrow in the top right hand corner of the message and selecting “Report Phishing”.

What to do if you opened the email

If you have already given the scammers access to your account, you can still revoke the privilege.

Go to the permissions section of “My Account” on a device you’re logged in to. Here you will be able to see all of the apps that have access to your Google account and what they can do.

The scam app will be in this list under the name “Google Docs” and will look legitimate. However, when you click on it it will have a recent authentication time and will say that it has permission to “manage your contacts” and “read, send, delete and manage your email”.

Google here gives users the option to “Remove” permissions. Click this, read the terms and select “OK”.

Victims are also advised to change the passwords to their online accounts to protect any information that may have been compromised.

PHISHING ALERT: Get a 'Google Doc' email? Be very careful

Gmail is investigating a new phishing scam that appears to be spreading rapidly. 

The email says it has a Google Docs link for you to open. If you click that link, it redirects you to a legitimate Google sign-in page. You’re then prompted to select one of your Google accounts, which is all normal, and then you’re asked to authorize a legit-looking app called “Google Docs” to manage your emails.

The app requests permission to read, send and delete emails, but it isn’t really a Google app. It’s an app controlled by the hackers. once permission ha been granted to manage your email, it secretly sends out a bunch of emails to all your contacts, with the same phishing link.

Once hackers have control of your Gmail account, the possibilities are scary. Personal and business email accounts are commonly used as the recovery email on a number of digital accounts, which means that hackers could potential get control over your Apple, Amazon, Facebook, Twitter or personal Google account. Anything you have linked to a compromised Gmail account is potentially at risk.

The email may look like it’s coming from someone you know, but in order to distinguish if it’s legit or not, you need to check the “To:” field. If it’s part of the phishing scam, the address will show up as “”.

There are things you can do to protect yourself: 

1.) Delete any email about a shared Google Doc, unless you yourself can verify with the sender that it’s not the phishing email. 

2.) If you clicked on the link, you should set up two-factor authentication. 

3.) You can also remove permissions for the fake “Google Docs” app from your Google account. Go to, Sign-In and Security, and Connected Apps. From there, look at the list of connected apps, and ensure that anything you don’t recognize is deleted.

Gmail responded to the issue on Twitter, saying, “We are investigating a phishing email that appears as Google Docs. We encourage you to not click through, & report as phishing within Gmail.”

%d bloggers like this: