Don't Fall for This Google Docs Phishing Scam

The 'highly sophisticated' phishing campaign appears to have hit a number of journalists, along with individuals from other industries.

By Angela Moscaritolo

Shutterstock.com

This story originally appeared on PCMag

Did you click on an unsolicited Google Docs email invite yesterday? It might have been a scam.

According to Vice's Motherboard, online miscreants on Wednesday launched a "massive phishing campaign targeting Google accounts." The "highly sophisticated" campaign appears to have hit a number of journalists, along with individuals from other industries, the report notes.

The fraudulent emails include what appears to be a Google Doc link from someone the recipient knows. "These, however, are malicious emails designed to steal your Google password or hijack your account," Motherboard advises.

Reddit user JakeSteam, who received the phishing email, said clicking the purported Google Docs button in the message takes you to an actual Google page, which asks you to grant access to an app masquerading as Google Docs. Granting permission would give the attacker full access to your email messages and contacts. The email then replicates itself and spreads to "everyone you have ever emailed," according to JakeSteam.

Affected individuals who clicked "allow" should revoke access to the fake Google Docs app right away, JakeSteam recommends.

The attack can bypass two-factor authentication, so having that additional layer of security enabled won't help you. Note that it's still a good idea to have two-factor authentication enabled, as it makes your account much harder to crack.

Google did not immediately respond to PCMag's request for comment. But in a statement posted to the @GoogleDocs Twitter account, the company said "We have taken action to protect users against an email impersonating Google Docs [and] have disabled offending accounts. We've removed the fake pages, pushed updates through Safe Browsing and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail."

This phishing campaign comes after attackers in January targeted Gmail users with a sophisticated ploy designed to steal usernames and passwords.

Angela Moscaritolo

Reporter

Angela Moscaritolo has been a PCMag reporter since January 2012. 

Related Topics

Editor's Pick

This 61-Year-Old Grandma Who Made $35,000 in the Medical Field Now Earns 7 Figures in Retirement
A 'Quiet Promotion' Will Cost You a Lot — Use This Expert's 4-Step Strategy to Avoid It
3 Red Flags on Your LinkedIn Profile That Scare Clients Away
'Everyone Is Freaking Out.' What's Going On With Silicon Valley Bank? Federal Government Takes Control.
Leadership

How to Detect a Liar in Seconds Using Nonverbal Communication

There are many ways to understand if someone is not honest with you. The following signs do not even require words and are all nonverbal queues.

Celebrity Entrepreneurs

'I Dreaded Falling in Love.' Rupert Murdoch Is Getting Hitched for the Fifth Time.

The 92-year-old media tycoon announces he will wed former San Francisco police chaplain Ann Lesley Smith.

Business News

Carnival Cruise Wants Passengers to Have Fun in the Sun — But Do This, and You'll Get Burned With a New $500 Fee

The cruise line's updated contract follows a spate of unruly guest behavior across the tourism industry.

Starting a Business

Selling Your Business? Do These 6 Things Right Now.

If you want the maximum price you need to make these moves before you do anything else.

Business News

New Mexico Is Hiring Professional Bear Huggers -- Here's How to Land the Dream Job

The American Black Bear was selected as the state's official animal on February 8, 1963, by the New Mexico Legislature.