Beware of emails with Google Doc invitations; info on the recent phishing attack



Only 0.1 percent of Gmail users were affected. Roughly 1 million users.

If you received an email from someone you know sharing a Google Doc with you, do not click “Open in Docs”. If you opened the email, just delete instantly.

According to Recode:

“Gmail users are under attack in a gigantic phishing operation that’s spreading like wildfire across the internet right now. Victims receive an email that looks like an invitation to join a Google Doc from someone they know. When you click on the link to open the file, you are directed to grant access to an app that looks like Google Docs but is actually a program that sends spam emails to everyone you’ve emailed, according to a detailed outline of the attack on Reddit. This type of hack is usually done for malicious reasons, like to steal credit card information or trick you into sharing your password. Most emails in this attack look like they are sent to this email address:”

The good news? Google has publicly responded to the phishing attack. Here’s what we know:

1. Google confirmed it has blocked the phishing attack

A Google employee confirmed on Reddit their team has “blocked the phishing attack by disabling the fake app’s ID, but it’s not clear if the company has implemented any long term solutions against this kind of scam. So just be alert should a similar attack resurface, and as always, don’t open links you weren’t expecting to receive without being absolutely sure they are legit,” (via The Next Web).

2. Google took further steps to prevent similar attacks

“We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”

3. Only 0.1 percent of Gmail users were affected. Roughly 1 million users

“We realize people are concerned about their Google accounts, and we’re now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1 percent of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.”

If your account was possibly “phished” as part of the attack, Recode explains what to do in order to keep your information safe, ad prevent issues like this in the future.

To summarize the spam email (via Reddit):

  1. Uses the existing Google login system
  2. Uses the name “Google Docs”
  3. Is only detectable as fake if you happen to click “Google Docs” whilst granting permission
  4. Replicates itself by sending itself to all your contacts
  5. Bypasses any 2 factor authentication / login alerts
  6. Will send scam emails to everyone you have ever emailed

If you think you’ve been affected:

  1. Revoke access to “Google Docs” immediately. It may now have a name ending in since Google removed it. The real one doesn’t need access.
  2. Try and see if your account has sent any spam emails, and send a followup email linking to this post / with your own advice if so.
  3. Inform whoever sent you the email about the spam emails, and that their account is compromised.

Editor’s Note: Stay safe out there, and always double-check your emails, messages, and links as much as possible. Even though we want to move as fast as possible on our desktops and mobile devices, it’s always helpful to be alert and know what possible threats like this can do with your information and privacy.

Image Credit: The Next Web

Newsletter Subscription

Get the latest insights, trends and best practices from today's leading industry voices.

Watch SMW Live

SMW Insider is a premium video platform that streams more than 180+ hours of talks, presentations, and interviews from leading industry experts.

Subscribe Now

Write for Us

Interested in sharing your ideas and insights with the world? Become a SMW News contributor and reach 300k readers each month.

Apply Here