News Security

New Google Docs phishing attack wants to access your Gmail

Did you come across a message in your Gmail inbox inviting you to access a Google Doc? Don’t click that link! This is a new Google Docs phishing attack that wants to access all the data available in your Gmail account

The invitation might come from a friend or another person you trust because the malware was designed to spread like wildfire. However, the sender’s email address looks very suspicious. Many users have reported the sender having the address ‘hhhhhhhhhhhhhhhh@mailinator.com’.

Of course, this doesn’t mean all Google Dog invites are dangerous but if the person sending it to you has the above email and doesn’t have any obvious reason to share the file with you, chances are it’s the phishing attack

Google recommended users don’t click through and use the ‘Report Phishing” option available in the right corner of the email.

I already clicked through to the Google Doc. Now what?

If you click on the link, you’ll be asked to choose your Google account from a selection window. There is no need to manually enter any credentials but once you log in with a Google account, the Google Docs app will ask you to give it access to your account.

Nevertheless, this is a fake Google Doc app which if granted the permission is able to access your Gmail account and everything that’s in it, including your contacts list which is how the phishing attack has spread so fast in the first place.

If you clicked on the Google Docs invite, go to https://myaccount.google.com/permissions and if you see a Google Docs app in the list, click on it then hit the ‘Remove’ button because it’s a fake.

Google says they shut down the attack

The company issued an official statement via Twitter in which they say the Google Docs phishing attack has been shut down.

Google also said they have already taken all the steps necessary to protect users. The company deleted the fake pages and sent updates via Safe Browsing. On top of that, their team is working to prevent similar attacks from happening in the future.

This may sound promising, but as it can be seen hackers can get pretty creative and find new workarounds and users should remain vigilant. If you ever receive emails asking for your credentials or sharing suspicious links you should never click on them and report them as phishing.

Add Comment

Click here to post a comment