Scam Alert! Google Doc Phishing Email Could Compromise Everything Linked to Google Account

John Biglin, CEO | May 4, 2017

What You Need to Know:

  • A very convincing phishing campaign is making the rounds masquerading as a Google Docs invitation.
  • If you click this link, there is a way to reverse it through Gmail Account Settings.
  • Google is currently working on blacklisting all of the domains in use and will be updating the public periodically.

There is a new phishing campaign spreading at amazing speed that is parodying an invitation to view a shared Google Doc. First things first: If you see this in your inbox, do not click on any of the links and DELETE THE EMAIL IMMEDIATELY, even if it is coming from someone you know.

When you click the link in this convincing, malicious email you are redirected to a page saying, “Google Docs would like to read, send and delete emails, as well as access to your contacts,” with an “Allow” button following. Clicking this gives the hacker access to your account, without having to enter a password and bypassing two-factor authentication. Note: A genuine Google Docs invitation would never redirect you to a permissions request.

Once in your account, hackers start automatically forwarding the same phishing email to your entire contact list, but with you as the “sharer” of the Google Doc, spreading the campaign quickly and efficiently.

What Can Be Compromised?
You may not even realize it, but many or some of your email addresses are interconnected. With the use of “recovery” email addresses for certain programs, your addresses are linked. These hackers are taking advantage of this and not only have access to your Google account, but could possibly retrieve access to other online accounts, including your social media, Apple and Microsoft. Anything associated with your Google account could be compromised.

How to Revoke Permissions
If you happen to click on the link, there is a way to reverse the actions. Follow these steps immediately to stop the hacker’s access to your account:
1. Sign in to your Gmail account permissions setting at https://myaccount.google.com 
2. In the left hand navigation, click Connected Apps & Sites
3. Click “Manage Apps”
4. When you click on “Google Docs” from the list, a drop down will appear. Click the “Remove” button to revoke permissions

What is Google Doing?
The malicious apps used in this malicious campaign are being blacklisted by Google. Earlier today they tweeted:

“We are investigating a phishing email that appears as Google Docs. We encourage you to not click through & report as phishing within Gmail.”

The Guts Of A Phishing Email

Are you ready to lose all your money, cancel all accounts, and probably experience a system failure? I’m sure you will never be ready for that, which is why it’s critical you recognize the anatomy of a phishing email to avoid becoming a victim. So here are several...

Password Managers: Why should I bother?

Password managers do more for you than just help you remember which password you used for different accounts. In this post, I am going to dig a little deeper into explaining what password managers do and how can they benefit your personal security and privacy.  A...

How to Protect Yourself from Ransomware

What you need to do in the short and long term to safeguard your company and employees from cyber threats. Over the last week, organizations across the globe were hit with a massive cyber attack involving ransomware. This is a type of malicious software that blocks...