This Google Photos scam email has it all – false pretences, a fake giveaway of an item worth thousands, and playing on real fears about how your personal media could be used by a tech giant. It only takes a momentary lapse in judgement to fall for a phishing email scam. We explain what to watch out for with this one, plus how to stay ahead of scammers and phishing threats.
Stay protected against phishing scams and more with our guide to the Best Antivirus Software.
All of which may make it seem pretty alarming as you read that Google has apparently chosen one of your photos to appear in a poster. Is that something that would even happen?
In legalese, it’s actually not all that far-fetched. Sign up to Google services, including Photos, and you give the company the right to use the content that you upload. Here’s a clause from Google’s real terms and conditions that sounds pretty alarming:
So, scam or no scam, could Google legally reproduce one of your photos on a poster for its services? While it’s possible, it’s highly unlikely this is what Google is seeking to do with these terms. The right to publish, perform, or publicly display actually covers actions such as showing your content in shared destinations (that you have opted to make shareable) – this could be as simple as a video on YouTube, or a photo you’ve added to a Google review for a restaurant.
So that’s real Google, but back to the scam email imitating Google.
How to spot it’s a scam email:
- It may claim to come from Google, but the true email address has a different domain
- There’s a typo (“choose” rather than “chose” or “have chosen”)
- There’s no attempt to address you by name as a user, suggesting it’s been sent out to thousands of recipients
- The actions you’re suggested to take are confusing – get more storage, download an app, or “View details” – all clicks lead to a scam site
We clicked, so you don’t have to – under controlled conditions. And once you click out of the Google Photos email, all pretence of this being anything to do with Google vanishes immediately. You’re instead drawn into a different scam – this time, involving a farcically cheap iPhone 12 giveaway and a sense of urgency to make you hand over your payment details. None of this is true – there is no prize, let alone a stopwatch “determined by regulation” (regulated by who, exactly?). It’s all to prompt hasty decisions and costly mistakes. How costly? Get to the final screen, and you’re encouraged to enter your name and card details. At this point, the scammer could withdraw any amount they choose.
What should you do if you receive scam emails?
Scam emails haven’t disappeared – if anything, the pandemic has made them worse. With so many of us working from home, even the best spam filters (from your company, or from Gmail and Outlook) can let a dangerous email pass through. What you do when you receive one matters most of all.
Delete the email
Don’t worry if you’ve opened it – this isn’t how viruses get downloaded to your device. But if you see something fishy, delete the email immediately.
Report the email
If you’re using your work account, let your IT manager know. They’ll thank you for this – it helps your IT team stay on top of the latest risks and, if necessary, adjust your company’s spam filtering. If you’re using personal email, then use the Report/Flag button to help your webmail service improve its own spam detection. You can even report a phishing email to the company that’s being imitated. Google has a detailed guide on scams that impersonate its services.
Don’t click the links
Here’s where things get very dangerous – don’t click on the links. This is how ransomware and other malware variants can be installed onto your device. They can even affect your network security or shared cloud drives, in the worst circumstances. Ransomware costs companies a fortune, so don’t take the risk. If you’re in doubt, hover over the links (without clicking them) to reveal the true destination URL in the preview at the bottom of your browser – this will show you if the links lead to a genuine service.
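
The sender-domain check from the list of warning signs and the "hover to see the true destination" check can both be done on a saved message without opening any link. The Python sketch below is an added example, not part of the original article; the sample message, its `.example` addresses and the function names are constructed for illustration. A sender domain that matches is not proof the email is genuine, since the From line can be forged.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every address and URL is a placeholder.
SAMPLE = """\
From: Google Photos <notice@photos-rewards.example>
To: user@example.org
Subject: We choose one of your photos
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Your photo was selected for a poster.</p>
<a href="http://prize.example/win?id=1">View details</a>
<a href="https://photos.google.com/">Get more storage</a>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def under(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw, brand="google", brand_domain="google.com"):
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    sender_domain = addr.rpartition("@")[2].lower()
    findings = []
    # Display name claims the brand, but the address is on another domain.
    if brand in display.lower() and not under(sender_domain, brand_domain):
        findings.append(f"sender domain {sender_domain} is not {brand_domain}")
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if not under(host, brand_domain):
            findings.append(f"link leads to {host}: {href}")
    return findings

if __name__ == "__main__":
    for line in check_message(SAMPLE):
        print(line)
```
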
Don’t give your financial details
Never fill in your credit card, PayPal, or any other payment details after following prompts from an unexpected email. Similarly, don’t fill in your user name and password – these can be lifted by a scammer.
Don’t re-use the same passwords
If you’re using the same password to log into multiple accounts, then it only takes one account to be compromised and they’re all at risk. Password managers are a simple, low-cost and secure way to manage multiple logins. The best one we’ve tested is 1Password, which offers a free trial period. See all our password manager recommendations to learn more.