You may have received an email today that looked a lot like an email you get when a colleague or contact shares with you a Google Docs file. If so, you should be careful and double check that it’s actually from that someone. I say that because a pretty convincing Google Docs phishing scam is making the rounds at the moment.
Emails are showing up in inboxes (ours included) that look like the email images I’ve included in this post, from an email address of “hhhhhhhhhhhhhhhh@mailinator.com” along with a contact of yours. Pretty realistic, right? Should you actually click the “Open in Docs” button in the email, you’ll likely be asked to select a Google account before giving something called “Google Docs” a whole bunch of permissions or access to your selected Google account. That’s a bad thing and could lead to other very bad things.
As noted by this reddit user, who provides images of the entire process, you are basically giving someone full access to your Google account should you allow it. You are not actually accessing a Google Docs file because none were actually shared with you. Once you have given up access, your contacts are exposed and emailed the same scam, but you may also be vulnerable to someone having control over your account. Scary stuff, for sure.
Thankfully, Google is already on it and may have resolved the issue, according to someone claiming to be a Googler in that reddit thread I just linked to. I’m not sure what that means, but I’m hoping they will find the phishing scam and remove it from inboxes before it spreads further. If anything, we know that the official Gmail Twitter account has acknowledged the phishing email and warns users to avoid it. They are investigating it.
We are investigating a phishing email that appears as Google Docs. We encourage you to not click through, & report as phishing within Gmail.
— Gmail (@gmail) May 3, 2017
So, if you get any weird-looking Google Docs requests today, be careful. If you did click through and allow access, consider going to your Google Account permissions and removing any permissions given to “Google Docs.” You’ll find the permissions lists here.
UPDATE: Google says it has “addressed” the phishing email that was posing as a Google Docs share and has provided additional info, as well as their security checkup to help keep your account safe, should you have been duped.
We've addressed the issue with a phishing email claiming to be Google Docs. If you think you were affected, visit https://t.co/O68nQjFhBL. pic.twitter.com/AtlX6oNZaf
— Google Docs (@googledocs) May 3, 2017
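
The scam worked because the “Open in Docs” button led to an OAuth consent screen rather than to a document. As an added example (not part of the original post), the check below is one way a mail filter could tell the two kinds of link apart. The scope list, the list of Google-owned redirect suffixes, and both sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

OAUTH_HOSTS = {"accounts.google.com"}  # serves Google's OAuth consent screen
# Assumption: scopes treated as high-risk here (full mailbox, contacts).
RISKY_SCOPES = {"https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts"}
# Assumption: redirect hosts accepted as Google-owned for this check.
GOOGLE_SUFFIXES = (".google.com", ".googleusercontent.com")

def triage_link(url):
    """Return (verdict, reasons) for a link taken from a 'shared doc' email."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host not in OAUTH_HOSTS or "/oauth2/" not in parts.path:
        return "not-oauth", []          # e.g. an ordinary docs.google.com share
    q = parse_qs(parts.query)
    reasons = ["link opens an OAuth consent screen, not a document"]
    scopes = set(" ".join(q.get("scope", [])).split())
    risky = sorted(scopes & RISKY_SCOPES)
    if risky:
        reasons.append("requests high-risk scopes: " + ", ".join(risky))
    redirect = (urlsplit(q.get("redirect_uri", [""])[0]).hostname or "").lower()
    if not ("." + redirect).endswith(GOOGLE_SUFFIXES):
        reasons.append("grant is delivered to non-Google host: "
                       + (redirect or "<missing>"))
    if q.get("access_type", [""])[0] == "offline":
        reasons.append("asks for offline access (long-lived refresh token)")
    return ("block" if len(reasons) > 1 else "review"), reasons

# Constructed samples: placeholder client ID, reserved .invalid redirect host.
SAMPLE_SHARE = "https://docs.google.com/document/d/CONSTRUCTED_DOC_ID/edit?usp=sharing"
SAMPLE_CONSENT = (
    "https://accounts.google.com/o/oauth2/auth"
    "?client_id=PLACEHOLDER-CLIENT-ID.apps.googleusercontent.com"
    "&scope=https%3A%2F%2Fmail.google.com%2F+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcontacts"
    "&redirect_uri=https%3A%2F%2Fdocs-share.example.invalid%2Fcallback"
    "&response_type=code&access_type=offline"
)

if __name__ == "__main__":
    for sample in (SAMPLE_SHARE, SAMPLE_CONSENT):
        verdict, reasons = triage_link(sample)
        print(verdict, sample[:50])
        for reason in reasons:
            print("   -", reason)
```

A consent link that redirects to a Google-owned host and asks for no high-risk scope comes back as "review" rather than "block", so it can be checked by hand.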

Anyone else find it funny that the day Google releases increased phishing tools to its Gmail app, this happens??
It clearly says, “Be careful with the message.” Then why should you open it?
The one I got did not say that.
I was one of those idiots who opened it. I work for a school system and it came from a colleague’s machine. I get shared Google Docs nearly every day, so it was nothing special to get another.
Same here, it looked legit.
https://pics.onsizzle.com/dammit-todd-get-our-sittogether-mann-lightsaber-night-has-been-13112103.png
Looks like they’ve already fixed it: https://twitter.com/googledocs
Got two of these today from various folks. Sent both users (in separate emails) a note to change their passwords asap.
Changed mine as well for good measure.
Oh, and Todd’s a dick.
As I understand it, this attack uses OAuth, and therefore bypasses password and even two-factor authentication. Changing your password doesn’t mitigate it — if you have given the attacker authorization to access your account, you have to log in and explicitly revoke that authorization (https://myaccount.google.com/permissions).
Good to know – thank you!
“Be careful with this message” should be the first indicator…
Hhhhhhhhhhhhh should raise that flag of awareness, also.
This seems to also be getting sent to multiple colleges. I work for a public school system in IT so we’re on the watch for it, too.
That made for a fun afternoon for the mail team at work.
…. https://uploads.disquscdn.com/images/89c6ccc8b58de0ea6e6c696057834d0852044a53907f99248702ca055d52f57d.jpg
Seriously, wtf Todd.
WTH Todd?????
Why would anyone be dumb enough to click on that?
Because they all aren’t as l33t as you, and of all the scams out there, this one is much, much more convincing than most.
Yeah, most wouldn’t expect a harmless document to be able to take over all of your sh!t
It is hard to be l33t when you’re a sheep.
No. It’s not convincing at all. Only the gullible click on links they don’t know.
I don’t find ‘hhhhhhhhhhhhhhhh@mailinator.com’ very convincing.
This. That looks HELLA suspicious! You’d think the phishers would use “administrator” or “mailmaster” or something less random than a bunch of Hs :-/
I’m at work. Even with warnings to never open an unexpected email, and to always double check the sender, I’ve had 7 people infect their machines. So yes. Absolutely no matter what precautions you take, there is always a handful of dumb dumbs on auto pilot that will click on that.
Sounds like my office.
No one here did, thankfully. Last time someone did something stupid I gave them crap about it for weeks; every now and again I’ll ask if they opened anything from the Nigerian prince recently.
History is filled with much worse scenarios that all started because humans do stupid sh1t. All. The. Time.
I work with teachers that call the 800 numbers that pop up on sketchy sites thinking that they’ll actually be reaching me and the rest of the IT department… So, yes, Doctor… People are that dumb. You’re Scottish this regeneration, so you should know that. LOL