If you received an unexpected Google Docs email today, we advise you to not open it.
A new, rather adept phishing scam is utilizing a fake Google Docs invite to gain access to people’s personal information. What’s happening is users are receiving a fake invite from someone they may or may not know that’s already a victim of the phishing scam, according to The Verge.
As discussed in this Reddit thread, targets are sent an e-mail that brings them to a Google Docs-like sign-in screen and then asks the receiver to “continue to Google Docs.” This then grants permissions to the scam that’s named ‘Google Docs,’ giving phishers access to your contacts and email.
The reason why this phishing scam is more sophisticated than normal is that it works within Google’s system. It benefits from the fact that anyone can create a non-Google web app and give it a misleading name.
This is exactly what it looks like:
Just got this as well. Super sophisticated. pic.twitter.com/l6c1ljSFIX
— zach latta (@zachlatta) May 3, 2017
Furthermore, people who have received the link might have already sent spam to their contacts. Though you can stop future access by using Google’s ‘Connected Apps and Sites’ page.
According to Google, the company is investigating the phishing scam and has released a new security checkup to help those that think they may have fallen for the exploit.
— Google Docs (@googledocs) May 3, 2017
Although Google resolved the issue, it’s important to always be aware of potential phishing attacks.
Source: The Verge