Update 2:23pm PT: Google says it has shut down the fast-spreading, sophisticated Google Docs phishing attack, an official statement Wednesday afternoon that it's taken the necessary steps to protect users:
"We have taken action to protect users against an email impersonating Google Docs & have disabled offending accounts," Google says. "We've removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing email in Gmail."
We recommend staying vigilant, however, and continue to report suspicious emails to Google. We'll keep an eye on the situation and report on any further developments.
- Give your home a Wi-Fi boost with these wireless routers
Original story below...
If you've received a suspicious invitation to a share a Google Doc with you today, don't click through the link!
Google Docs users, including yours truly, are receiving unexpected invites to view shared files. The invitation looks like a standard Google Doc invite in Gmail, but it is actually a fake posing as one in an effort to get into your email.
I received an invitation that appeared to be from a real contact (it used a real contact's name), though this person has never shared a Google Doc with me before, I don't communicate with regularly, and has no known reason to share a Google Doc with me, to give you an idea of what set off my alarms.
Another red flag, which other Gmail users are reporting, is the sender's email address: 'firstname.lastname@example.org'. Invite recipients are BCC'd in the email.
The attack is tricky though because it so closely imitates a legitimate Google Docs invitation. This is part of what makes it so hard to catch if you don't pause for a split-second before clicking to open the link.
Google is aware of the issue, and is encouraging users not to click through and to report the email as a phishing attempt within Gmail. You can do so by clicking on the drop down menu in the upper right-hand corner of the email, then select 'Report Phishing.'
We are investigating a phishing email that appears as Google Docs. We encourage you to not click through & report as phishing within Gmail.May 3, 2017
What happens if I click through to the Google Doc?
After clicking through, you're asked to choose a Google account from an account selection page. No password is required, JakeSteam said, and once logged in, you're asked to give Google Docs access your account.
This Google Docs app is fake, however, but now it has access to your entire Gmail account. Accessing your contacts, the attackers can then send out more phishing emails, their hooks spreading like wildfire across the web.
What should I do if I clicked through?
If you clicked through the Google Docs invite, head to this page: https://myaccount.google.com/permissions (opens in new tab).
If you see a 'Google Docs' app in your permissions, this is the malicious app. You can verify this by the checking the 'Authorization Time', Motherboard recommends, which should be from today. You can revoke access by removing this Google Docs app from your permissions.
If you opened the Google Docs phishing email, here's how to fix:https://t.co/cucndZ39adIf you see Google Docs, delete it pic.twitter.com/UH9bDgbqhKMay 3, 2017
Phishing attacks are never pleasant, but by staying vigilant and going with your gut on suspicious emails, you can better protect yourself against future scams.