This Google Docs phishing attack wants to get into your Gmail [Update]

Update 2:23pm PT: Google says it has shut down the fast-spreading, sophisticated Google Docs phishing attack, tweeting out an official statement Wednesday afternoon that it's taken the necessary steps to protect users:

"We have taken action to protect users against an email impersonating Google Docs & have disabled offending accounts," Google says. "We've removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing email in Gmail."

We recommend staying vigilant, however, and continue to report suspicious emails to Google. We'll keep an eye on the situation and report on any further developments.

Original story below...

If you've received a suspicious invitation to a share a Google Doc with you today, don't click through the link! 

Google Docs users, including yours truly, are receiving unexpected invites to view shared files. The invitation looks like a standard Google Doc invite in Gmail, but it is actually a fake posing as one in an effort to get into your email.

I received an invitation that appeared to be from a real contact (it used a real contact's name), though this person has never shared a Google Doc with me before, I don't communicate with regularly, and has no known reason to share a Google Doc with me, to give you an idea of what set off my alarms. 

Another red flag, which other Gmail users are reporting, is the sender's email address: 'hhhhhhhhhhhhhhhh@mailinator.com'. Invite recipients are BCC'd in the email. 

The attack is tricky though because it so closely imitates a legitimate Google Docs invitation. This is part of what makes it so hard to catch if you don't pause for a split-second before clicking to open the link.

Google is aware of the issue, and is encouraging users not to click through and to report the email as a phishing attempt within Gmail. You can do so by clicking on the drop down menu in the upper right-hand corner of the email, then select 'Report Phishing.'

See more

What happens if I click through to the Google Doc?

The attack appears to be quite sophisticated, and reddit user JakeSteam (via Motherboard) explained just what happens if you do click through the link. 

After clicking through, you're asked to choose a Google account from an account selection page. No password is required, JakeSteam said, and once logged in, you're asked to give Google Docs access your account. 

This Google Docs app is fake, however, but now it has access to your entire Gmail account. Accessing your contacts, the attackers can then send out more phishing emails, their hooks spreading like wildfire across the web.

What should I do if I clicked through?

If you clicked through the Google Docs invite, head to this page: https://myaccount.google.com/permissions.

If you see a 'Google Docs' app in your permissions, this is the malicious app. You can verify this by the checking the 'Authorization Time', Motherboard recommends, which should be from today. You can revoke access by removing this Google Docs app from your permissions.

See more

Phishing attacks are never pleasant, but by staying vigilant and going with your gut on suspicious emails, you can better protect yourself against future scams.  

Michelle Fitzsimmons

Michelle was previously a news editor at TechRadar, leading consumer tech news and reviews. Michelle is now a Content Strategist at Facebook.  A versatile, highly effective content writer and skilled editor with a keen eye for detail, Michelle is a collaborative problem solver and covered everything from smartwatches and microprocessors to VR and self-driving cars.