If someone invites you to edit a file in Google Docs today, don’t open it — it may be spam from a phishing scheme that’s been spreading quickly this afternoon. As detailed on Reddit, the attack sends targets an emailed invitation from someone they may know, takes them to a real Google sign-in screen, then asks them to “continue to Google Docs.” But this grants permissions to a (malicious) third-party web app that’s simply been named “Google Docs,” which gives phishers access to your email and address book.
Once you click the link, you are redirected to a page that says, “Google Docs would like to read, send and delete emails, as well as access your contacts,” and asks for your permission to “allow” access.
If you allow access, the attackers immediately get permission to manage your Gmail account, with access to all your emails and contacts, without ever needing your Gmail password.
But how? The “Google Docs” app that requests permission to access your account is a fake, malicious app created and controlled by the attacker.
You should know that real Google Docs invitation links do not require your permission to access your Gmail account.
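The tell in this attack is the consent request itself: a "Docs" app has no reason to ask for mailbox and contacts scopes, and the token is handed to a redirect URI on a server the attacker controls. The following added example (not code from the original article) parses a Google OAuth authorization URL, such as one captured from a proxy log or a suspicious email, and flags that combination; the client ID, redirect hosts and URLs are constructed placeholders, while the scope URIs are real Google OAuth scopes.

```python
from urllib.parse import urlparse, parse_qs

# Real Google OAuth scopes that grant the kind of access the fake "Google Docs"
# app asked for; the labels are only used for reporting.
SENSITIVE_SCOPES = {
    "https://mail.google.com/": "full Gmail access (read, send, delete)",
    "https://www.googleapis.com/auth/gmail.readonly": "read Gmail",
    "https://www.googleapis.com/auth/gmail.send": "send mail as the user",
    "https://www.googleapis.com/auth/gmail.modify": "read, send and modify Gmail",
    "https://www.googleapis.com/auth/contacts": "read and write contacts",
    "https://www.googleapis.com/auth/contacts.readonly": "read contacts",
}

GOOGLE_HOSTS = ("google.com", "googleapis.com", "googleusercontent.com")


def is_google_host(host: str) -> bool:
    """True if host is a Google-owned domain (or a subdomain of one)."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in GOOGLE_HOSTS)


def assess_consent_url(url: str) -> dict:
    """Parse an OAuth authorization URL and report the consent it asks for."""
    qs = parse_qs(urlparse(url).query)          # parse_qs also decodes '+' as space
    scopes = " ".join(qs.get("scope", [])).split()
    redirect_host = urlparse(qs.get("redirect_uri", [""])[0]).hostname or ""
    sensitive = {s: SENSITIVE_SCOPES[s] for s in scopes if s in SENSITIVE_SCOPES}
    # Triage signal, not a verdict: mailbox/contacts scopes whose token is sent
    # to a non-Google redirect target deserve a closer look (a real mail client
    # would trip this too, so review the client_id before acting).
    suspicious = bool(sensitive) and not is_google_host(redirect_host)
    return {"client_id": qs.get("client_id", [""])[0],
            "redirect_host": redirect_host,
            "sensitive_scopes": sensitive,
            "suspicious": suspicious}


# Constructed sample URLs (placeholder client IDs and reserved .invalid domains).
CONSTRUCTED_PHISH_URL = (
    "https://accounts.google.com/o/oauth2/auth?client_id=PLACEHOLDER-ID.apps.googleusercontent.com"
    "&redirect_uri=https%3A%2F%2Fdocs.example-phish.invalid%2Fcallback&response_type=code"
    "&scope=https%3A%2F%2Fmail.google.com%2F+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcontacts")
CONSTRUCTED_BENIGN_URL = (
    "https://accounts.google.com/o/oauth2/auth?client_id=PLACEHOLDER-ID.apps.googleusercontent.com"
    "&redirect_uri=https%3A%2F%2Fapp.example.invalid%2Fcb&response_type=code"
    "&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.file")

if __name__ == "__main__":
    for u in (CONSTRUCTED_PHISH_URL, CONSTRUCTED_BENIGN_URL):
        print(assess_consent_url(u))
```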
Anything Linked to Compromised Gmail Accounts is at Risk
Because personal and business email accounts are commonly used as the recovery email for many other online accounts, attackers could potentially take control of those accounts as well, including Apple, Facebook and Twitter.
In short, anything linked to a compromised Gmail account is potentially at risk, and even if you have enabled two-factor authentication, it would not prevent the attackers from accessing your data, since the access was granted through the app permission rather than through a sign-in.
Meanwhile, Google has also started blacklisting the malicious apps used in the active phishing campaign.
“We are investigating a phishing email that appears as Google Docs. We encourage you to not click through & report as phishing within Gmail,” Google tweeted.
This Google Docs phishing scheme is spreading incredibly quickly, hitting employees at multiple organizations and media outlets that use Google for email, as well as thousands of individual Gmail users who are reporting the same scam at the same time.
If you have clicked the phishing link and granted permissions, you can remove the permissions for the fraudulent “Google Docs” app from your Google account. Here’s how:
- Go to your Google account permissions settings at https://myaccount.google.com and sign in.
- Go to Security, then Connected Apps.
- Find “Google Docs” in the list of connected apps and remove it. It is not the real Google Docs.