Warning! Google phishing – don’t click that google docs link
There are chances that you might’ve received an email with a Google document. It could be a google phishing attempt that has gone viral. This attack has affected about 1 million Gmail users. While Google has blocked the attack, make sure to take security check and look for suspicious app permissions.
The notorious cyber criminals keep employing new techniques to make sure that they target new users. In a similar attempt, a new Google Docs phishing scam has spread like a wildfire all across the internet. If you’ve received an email from someone in your contact list with a Google document, don’t open it or click the link in it.
Some of these emails are addressed to [email protected] with the intended target placed in the BCC field. Here’s how this attack takes place:
- If you click the link, it’ll take you to a Google accounts page with different Google accounts.
- It asks you to choose an account and give permissions to an app called “Google Docs.” Here, Google Docs is a fake third party app.
- After you given it the permissions, the fake app has the permission to read your emails and forward a similar phishing email to all your contacts.
Here’s how this attack looks like:
Just got this as well. Super sophisticated. pic.twitter.com/l6c1ljSFIX
— zach latta (@zachlatta) May 3, 2017
Google has now disabled the accounts where the hack originated. The company has pushed updates through Safe Browsing, and the concerned team is working to prevent such spoofing in future. In a second statement, Google made clear that the attack affected fewer than 0.1% Gmail users, which is about 1 million users. The company has now blocked the campaign. If you click on the link now, you’ll see an error page.
What to do if you’ve already clicked on the Google Doc link?
To make sure that you haven’t been hit by the phishing attack, check your Google account’s app permissions by visiting this link. Make sure that there isn’t any app named Google Docs; Docs has access to your account by default. If you see it there, remove it.
Did you find this article on Google Docs phishing helpful? Share your views and feedback.