Did you come across a message in your Gmail inbox inviting you to access a Google Doc? Don’t click that link! This is a new Google Docs phishing attack that tries to gain access to all the data available in your Gmail account.
The invitation might come from a friend or another person you trust because the malware was designed to spread like wildfire. However, the sender’s email address looks very suspicious. Many users have reported the sender having the address ‘firstname.lastname@example.org’.
Of course, this doesn’t mean all Google Docs invites are dangerous, but if the person sending it to you has the above email and doesn’t have any obvious reason to share the file with you, chances are it’s the phishing attack.
Google recommends that users don’t click through and instead use the ‘Report Phishing’ option available in the right corner of the email.
I already clicked through to the Google Doc. Now what?
If you click on the link, you’ll be asked to choose your Google account from a selection window. There is no need to manually enter any credentials, but once you log in with a Google account, the Google Docs app will ask you to give it access to your account.
However, this is a fake Google Docs app. If you grant it the permission, it can access your Gmail account and everything in it, including your contacts list, which is how the phishing attack spread so fast in the first place.
If you opened the Google Docs phishing email, here's how to fix: https://t.co/cucndZ39ad
If you see Google Docs, delete it pic.twitter.com/UH9bDgbqhK
— Tom Warren (@tomwarren) May 3, 2017
If you clicked on the Google Docs invite, go to https://myaccount.google.com/permissions and, if you see a Google Docs app in the list, click on it, then hit the ‘Remove’ button, because it’s a fake.
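For administrators who need to run the same check across many accounts, here is an added example (not part of the original article) that flags third-party app grants borrowing a Google product name. The field names `clientId`, `displayText` and `scopes` follow the token records returned by the Admin SDK Directory API; the client IDs, the allowlist and the sample records are constructed placeholders.

```python
import unicodedata

# Scopes that expose what the article says was at risk: mailbox and contacts.
SENSITIVE_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/contacts",
}
# Assumption: client IDs you have verified as genuine (placeholder value).
TRUSTED_CLIENT_IDS = {"verified-client-id.example"}
# Product names a look-alike app is likely to borrow.
PROTECTED_NAMES = {"google docs", "google drive", "gmail"}


def normalise(name):
    """Fold case, compatibility forms and spacing ('Google  Docs ' matches).
    NFKC does not catch cross-script homoglyphs."""
    return " ".join(unicodedata.normalize("NFKC", name).casefold().split())


def suspicious_grants(tokens):
    """Return (clientId, severity, sensitive_scopes) for look-alike apps."""
    findings = []
    for tok in tokens:
        if tok["clientId"] in TRUSTED_CLIENT_IDS:
            continue  # verified app, whatever it is called
        if normalise(tok.get("displayText", "")) not in PROTECTED_NAMES:
            continue  # name does not imitate a protected product
        risky = sorted(SENSITIVE_SCOPES & set(tok.get("scopes", [])))
        findings.append((tok["clientId"], "high" if risky else "review", risky))
    return findings


# Constructed sample grants; not real client IDs.
SAMPLE_TOKENS = [
    {"clientId": "verified-client-id.example", "displayText": "Google Docs",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"clientId": "unknown-client-id.example", "displayText": "Google  Docs ",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts"]},
    {"clientId": "mail-client-id.example", "displayText": "Some Mail App",
     "scopes": ["https://mail.google.com/"]},
]

if __name__ == "__main__":
    for client_id, severity, scopes in suspicious_grants(SAMPLE_TOKENS):
        print(client_id, severity, scopes)
```

A grant marked `high` pairs a borrowed product name with mailbox or contacts access, which is the combination described above and the first candidate for removal.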
Google says they shut down the attack
The company issued an official statement via Twitter in which they say the Google Docs phishing attack has been shut down.
— Google Docs (@googledocs) May 3, 2017
Google also said they have already taken all the steps necessary to protect users. The company deleted the fake pages and sent updates via Safe Browsing. On top of that, their team is working to prevent similar attacks from happening in the future.
This may sound promising, but as this attack shows, hackers can get pretty creative and find new workarounds, so users should remain vigilant. If you ever receive emails that ask for your credentials or share suspicious links, do not click on them; report them as phishing.