If you received an email in the last 24 hours from someone you know containing a link to a Google document, you should be very careful about opening it.
A new Google Docs phishing scam has been making the rounds and it is spreading like wildfire. Not only does this email scam give hackers access to your information, it also affects everyone else on your contact list.
There's been a number of individuals and groups who have fallen victim of this email scam since yesterday including a few well known companies, U.S government organizations and universities.
Google has taken measures to control the spread of the attack but it is still imperative that you exercise caution when you receive an email with a Google Docs link.
@zeynep Just got this as well. Super sophisticated. pic.twitter.com/l6c1ljSFIX
— Zach Latta (@zachlatta) May 3, 2017
Here's what you need to know:
The email appears to be sent by someone you know and if you click on the fraudulent link contained in the email, it will take you to a real Google page where you will be asked to grant account permissions to a third-party app also named "Google Docs."
If you choose to "ALLOW" access, the fake Google app will have access to all your contacts, emails and pretty much all your information contained within your account.
The email subject line reads similar to the normal Google one, "[someone in your contacts] just shared a Google Doc with you," but you may notice an unrecognizable email in the BCC field addressed to "hhhhhhhhhhhhhhhh@mailinator.com."
A Google spokesperson confirmed in a statement that the company has stopped the hacker campaign and they are working to avoid this kind of breach from happening again.
We are investigating a phishing email that appears as Google Docs. We encourage you to not click through & report as phishing within Gmail.
— Google Docs (@googledocs) May 3, 2017
"We've pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail," said the spokesperson.
"We were able to stop the campaign within approximately one hour," the statement added. "While contact information was accessed and used by the campaign, our investigations show that no other data was exposed."
"If you try to click on the link to the suspicious Google Doc now, you may see a screen saying "We're sorry...but your computer or network may be sending automated queries. To protect our users, we can't process your request right now."
If by chance you clicked on the fake Google Docs link, go to Google security checkup and revoke access permission for "Google Docs."
We've addressed the issue with a phishing email claiming to be Google Docs. If you think you were affected, visit https://t.co/O68nQjFhBL. pic.twitter.com/AtlX6oNZaf
— Google Docs (@googledocs) May 3, 2017
Have you or anyone you know been affected by this phishing scam? Let us know in the comments!
