A New Google Docs Phishing Scam – What you Need to Know

News, Security

New Google Docs Phishing Scam - What you Need to Know

A new Google Docs phishing scam is making its way around the internet. To understand how this very sophisticated attempt works and how you could be at risk, picture the following:

You are looking through your email when all of a sudden, your good friend Stan Perimeter has shared a Google Doc with you. Excited to see what your friend thought was important enough to put it in a Google Doc, you start to open it. Maybe you are going to collaborate on something amazing.

You quickly click the ‘Open in Docs’ link, and you are taken to a secure page where you can log in to your Google account and see the document. You type in your user name and password and submit. You are met with a Google Doc of either gibberish or one that is simply blank.

In the mean time, your email address and password have been submitted to a malware script, hosted unknowingly by a random third party. Your Google username and password have now been swiped by this phishing attack.

Internet Security - Protect yourself from phishing

So how do you keep yourself safe? How do you recognize the attempt?

Google Docs Phishing Scam Example 1

See this email?

Google Docs Phishing Scam Example 2

See, that is not a Google address or any address that you know. DELETE IT. Do not open it, do not pass go, do not collect $200.

If you have fallen victim and filled out the form, immediately change your Google password.

Note: The phishing attempt seems to be targeting members of the media and schools at the moment but that could change quickly.

Edit: TechCrunch has a great post on how to fix the issue if you’ve been compromised. Check the end of the article for the solution. We have also provided the excerpt bellow.

How do I know if I’ve been hit? How do I fix it?

Check your Google account’s app permissions. There should not be an app called “Google Docs” there — actual Google Docs has access to your account by default. If you see it listed there, remove it by tapping the label and hitting “Remove” – Tech Crunch


Also published on Medium.