Google warns of phishing scam that impersonates Google Docs
- Author: Eleanor Harrison May 05, 2017,
May 05, 2017, 18:00
"In this new version, an email hits your Gmail inbox with the subject line "(name) has shared a document on Google Docs with you".
It took Google about an hour to shut the campaign down.
Google issued a statement, saying it has "disabled offending accounts" and "removed the fake pages", as its abuse team is working to "prevent this kind of spoofing from happening again".
On agreement, the app would send additional copies of the original email to the users' contacts.
If you are affected, and still have access to your account, you can take steps to remove the permissions of the fake app. That's what made the attack so efficient, and so viral, as people are more likely to click on links received from people they know. The attack was simple, but sinister and wreaked havoc for millions of Gmail users. Then locate the "Google Doc" app.
Google explained the new feature in the blog post: "While not all affected email will necessarily be risky, we encourage you to be extra careful about clicking on links in messages that you're not sure about".
In a statement late yesterday, however, Google said that even as the campaign accessed and used contact information, no other data was apparently exposed. Because the malicious app looked legit, it essentially tricked users into trusting it with their security token - which is all that was needed to access the accounts.
"There's no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup", Google added.
"We all use Google Docs", Dori Horvath of Green Brook, New Jersey, who fell victim to the scam, said. This is where a savvy user that's paying attention would see a red flag, since Google Docs doesn't require permissions, as it's native to Google.