Google warns users about phishing attacks using Google Docs

If you receive an email from one of your contacts inviting you to edit a Google Doc, chances are it's the new Google Docs phishing scam. Accepting the invitation gives the attacker access to your Google account, which is then used to send the same spam mail to more people.

In a Reddit post, user JakeSteam described how the scam works:

  1. I received an email that a Google Doc had been shared with me. Looked reasonably legit, and I recognized the sender.
  2. The button’s URL was somewhat suspicious, but still reasonably Google-based.
  3. I then got taken to a real Google account selection screen. It already knew about my 4 accounts, so it’s really signing me into Google.
  4. Upon selecting an account, no password was needed, I just needed to allow “Google Docs” to access my account.
  5. If I click “Google Docs”, it shows me it’s actually published by a random gmail account, so that user would receive full access to my emails (and could presumably therefore perform password resets etc).
  6. Shortly afterwards I received a follow-up real email from my contact, informing me: “Delete this is a spam email that spreads to your contacts.”
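As an added defender-side illustration (not part of the original article or the Reddit post), the following Python heuristics flag the traits the post describes: an app named “Google Docs” published by an ordinary Gmail account, a request for full Gmail and contacts access, and an authorization response bound for a non-Google host. The scope URIs are Google's real scope names; the client id, redirect host and publisher address in the sample are constructed placeholders.

```python
from urllib.parse import urlparse, parse_qs

# Real Google OAuth scopes that grant broad mailbox / contact access.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/": "full read/write/delete access to Gmail",
    "https://www.googleapis.com/auth/contacts": "read/write access to contacts",
    "https://www.googleapis.com/auth/contacts.readonly": "read access to contacts",
}
GOOGLE_HOSTS = ("google.com", "googleapis.com", "googleusercontent.com")
# Product names a non-Google publisher should never be allowed to borrow.
IMPERSONATED_NAMES = {"google docs", "google drive", "gmail", "google"}


def _is_google_host(host: str) -> bool:
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in GOOGLE_HOSTS)


def assess_consent_request(auth_url: str, app_name: str, publisher_email: str) -> list:
    """Return a list of risk findings for an OAuth consent prompt (empty = nothing flagged)."""
    findings = []
    parsed = urlparse(auth_url)
    params = parse_qs(parsed.query)
    if not _is_google_host(parsed.hostname or ""):
        findings.append(f"authorization endpoint is not a Google host: {parsed.hostname}")
    # scope is a single space-separated parameter; parse_qs already URL-decodes it
    for scope in " ".join(params.get("scope", [])).split():
        if scope in HIGH_RISK_SCOPES:
            findings.append(f"requests high-risk scope {scope} ({HIGH_RISK_SCOPES[scope]})")
    for uri in params.get("redirect_uri", []):
        host = urlparse(uri).hostname or ""
        if not _is_google_host(host):
            findings.append(f"authorization response goes to third-party host: {host}")
    publisher_domain = publisher_email.rsplit("@", 1)[-1].lower()
    if app_name.strip().lower() in IMPERSONATED_NAMES and publisher_domain != "google.com":
        findings.append(f'app name "{app_name}" mimics a Google product but is published by {publisher_email}')
    return findings


# Constructed sample resembling the consent link from the scam (placeholder client id and host).
SAMPLE_URL = (
    "https://accounts.google.com/o/oauth2/v2/auth?client_id=CONSTRUCTED_CLIENT_ID"
    "&redirect_uri=https%3A%2F%2Fexample.invalid%2Fcallback"
    "&scope=https%3A%2F%2Fmail.google.com%2F%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcontacts"
    "&response_type=code"
)

if __name__ == "__main__":
    for finding in assess_consent_request(SAMPLE_URL, "Google Docs", "someone@gmail.com"):
        print("WARNING:", finding)
```

A third-party redirect host is normal for legitimate apps, so that finding matters mainly in combination with an impersonated product name and mailbox-wide scopes.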

Google Docs, via its Twitter account, released an official statement and took the necessary steps to stop the phishing attack:

If you unknowingly accepted the invite, your account is already compromised and may already have sent the same spam email to all of your contacts.

To fix this, the solution is relatively easy but time consuming. First revoke the access granted to the fake “Google Docs” web app. Then change the password of your Google account and of every other online service that uses the affected email address.

Enabling 2-Step Verification on your Google account will also help.

Last modified: May 4, 2017

