What You Need to Know:

  • A very convincing phishing campaign is making the rounds masquerading as a Google Docs invitation.
  • If you click this link, there is a way to reverse it through Gmail Account Settings.
  • Google is currently working on blacklisting all of the domains in use and will be updating the public periodically.

There is a new phishing campaign spreading at amazing speed that is parodying an invitation to view a shared Google Doc.  First things first:  If you see this in your inbox, do not click on any of the links and DELETE THE EMAIL IMMEDIATELY, even if it is coming from someone you know.

When you click the link in this convincing, malicious email you are redirected to a page saying, “Google Docs would like to read, send and delete emails, as well as access to your contacts,” with an “Allow” button following. Clicking this gives the hacker access to your account, without having to enter a password and bypassing two-factor authentication. Note: A genuine Google Docs invitation would never redirect you to a permissions request.

Once in your account, hackers start automatically forwarding the same phishing email to your entire contact list, but with you as the “sharer” of the Google Doc, spreading the campaign quickly and efficiently.

What Can Be Compromised?

You may not even realize it, but many or some of your email addresses are interconnected. With the use of “recovery” email addresses for certain programs, your addresses are linked. These hackers are taking advantage of this and not only have access to your Google account, but could possibly retrieve access to other online accounts, including your social media, Apple and Microsoft. Anything associated with your Google account could be compromised.

How to Revoke Permissions

If you happen to click on the link, there is a way to reverse the actions. Follow these steps immediately to stop the hacker’s access to your account:

  1. Sign in to your Gmail account permissions setting at https://myaccount.google.com
  2. In the left hand navigation, click Connected Apps & Sites
  3. Click “Manage Apps”
  4. When you click on “Google Docs” from the list, a drop down will appear. Click the “Remove” button to revoke permissions

What is Google Doing?

The malicious apps used in this malicious campaign are being blacklisted by Google. Earlier today they tweeted:

“We are investigating a phishing email that appears as Google Docs. We encourage you to not click through & report as phishing within Gmail.”