Have you received any random email recently containing ‘Google Doc’ attachment within it? Don’t click on that link – it could get you HACKED. And delete it immediately — even if it is from someone you know.
An alarming phishing scam began spreading around the internet since Wednesday in an attempt to access Google accounts through an email embedded with a fake Google Docs file.
Originally thought to be targeting only journalists, these malware emails were also slinging their way across unrelated mailboxes – from organizations to schools/campuses and even random people.
The malicious email contains what appears to be a link to a Google Doc file, saying that the person [sender] “has shared a document on Google Docs with you.” Once you click the link, you will be redirected to a legit Google.com page asking you to authorize “Google Docs” to access to your Gmail account. It says, “Google Docs would like to read, send and delete emails, as well access to your contacts.”
You should know that the real Google Docs invitation links do not require your permission to access your Gmail account.
If you allow the access, the hackers would immediately get permission to manage your Gmail account with access to all your emails and contacts, without requiring your Gmail password. It also gains control over the webmail account, including the ability to read victims’ messages and send new ones on their behalf.
Once the permissions to manage your email are granted, the software will immediately spam out the same message to all the people on your contacts list, even bypassing two-factor authentication.
— Zach Latta (@zachlatta) May 3, 2017
Meanwhile, Google has also started blacklisting malicious apps being used in the active phishing campaign.
“We have taken action to protect users against an email impersonating Google Docs (and) have disabled offending accounts,” Google wrote in a statement on Twitter. “We’ve removed the fake pages; pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”
We are investigating a phishing email that appears as Google Docs. We encourage you to not click through & report as phishing within Gmail.
— Google Docs (@googledocs) May 3, 2017
How to not fall to the Prey to the Attack?
Do not click on links in emails from someone you might not know, especially if the subject line just says “documents.”
If you do show up at the login screen, then see if it recognizes you as a Google user. If it does not, then that is a clear sign it is part of a phishing scam.
What to do if you fell for the scam:
If you are worried about being scammed, here is what to do.
- Go to your Gmail accounts permissions settings at myaccount.google.com and Sign-in.
- Go to Security and Connected Apps.
- Go to the “Account Permissions” section
- Search for “Google Docs” and hit “Remove”. It’s not the real Google Docs.