Potentially Malicious Attachments from Google

Wednesday, September 16th, 2015

malicious attachments from google

When is Google not Google? Well, it’s easy enough to find out and protect yourself. We’ve put together a breakdown of warning signs that you can stay on the lookout for to make sure you never get caught out by malicious attachments from Google lookalikes.

How to protect yourself from downloading malicious attachments from Google lookalikes

First and foremost: check the sending address

As with all online scams, malicious emails, and phishing scams, always check the sending address before you open anything or follow any links. Illegitimate sender are not allowed to use the official email addresses of the company they’re pretending to be. While the email address might seem trusted, many scammers piggyback on trust websites to make their scam seem more legitimate. However any website that deals with your personal details, banking details, or any sensitive information take measure to make sure that it is not possible for scammers to use their domains for malicious intent.
malicious attachments from google
As you can see, this isn’t an email from google.com – a true address from google in this case would be something like awards@google.com. Instead this email comes from or via europe.com. We took the liberty of going to europe.com to make it clear that they definitely aren’t Google:
malicious attachments from google

Secondly: fact check

If you’re still not sure after you’ve checked the address, make sure everything in the email is correct. Here are some errors we noticed:

  1. Matt Brittin is not the Managing Director; he’s the Vice President of Google UK;
  2. The very likelihood of an email being sent from Matt Brittin instead of “The Google Team” is very low (unless you’re terribly important); and
  3. The recipient of this email wasn’t even using a Google address (i.e. this email was sent to an address that doesn’t end in google.com).

The Evidence – get your detective on

Here is a snippet from a quick Google search on Matt Brittin:
malicious attachments from google
While he was once the managing director of Google in the UK, Matt Brittin has long since had a title change. Because it’s illegal to falsely represent someone, especially for nefarious purposes, scammers use the name and previous title of Matt Brittin to avoid blatant identity theft.

Unless you’re exceptionally important, or have your Google address forwarded to another inbox, it’s unlikely that you’ll be getting these types of emails. If you’re unsure about the third point, just check which email address the message was sent to (if it’s from Google to a non-Google address, something is fishy).

Expect legitimate stationary

If the email is from the organisation it claims to be from, you will be able to see straight away. Google, for example, almost always has the Google logo is some shape or form on their emails and will always have a copyright and disclaimer at the end of their email. It is your right as an internet user to opt out of any communication from any company or organisation online. Legitimate emails will have a disclaimer about unsubscribing or opting out of communication with them. This is Google’s footer on their emails:
malicious attachments from google

Keep safe and always perform these checks if you get any hint that the emails you’re receiving are suspicious.

Bank Identification