If you’ve received an invitation to edit a Google Doc recently, think twice before opening it.
A Google Docs scam has been flooding inboxes this morning, affecting users worldwide.
The invitation to edit a Google Doc has a subject line stating that a contact "has shared a document on Google Docs with you." If you click the "Open in Docs" button inside the email, it’ll take you to a seemingly legit sign-in screen that asks to "continue in Google Docs." Clicking on that link then gives access to the bogus third-party app to retrieve all your contacts and email, spreading the spam to them.
Check out the GIF below and see how it works:
Google is currently investigating the issue. And if you've received one, they highly suggest that you report the email as phishing immediately.
"We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts," a Google spokesperson said in a statement. "We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again."
Phishing scams usually involve emails which appear to be legitimate. These scams typically ask for personal information, such as usernames, passwords, birthday, credit or debit card numbers, and more. Google reiterates that they do not send out emails like this, and asks it users to not open any suspicious messages or click on any links at all.
Journalists from around the world have also been affected by the scam, and warned their followers to be vigilant.
As the Verge reports, "the attack seemed to be more advanced than standard email phishing scams, because it doesn’t simply take users to a bogus Google page to collect a password, but instead is working within Google’s system with a third-party web app that has a deceptive name."
If unfortunately you have already granted permission through the phishing email, do the following:
2) Find the app called "Google Docs"
3) Revoke all permissions