A sophisticated Google Docs phishing scam has been spreading rapidly on Wednesday as it began landing in Gmail users’ inboxes. The malware attack starts with a deceptive email invitation to edit a Google Doc, which is the popular app for writing and sharing files. Internet users should beware of an email with a subject line stating a contact “has shared a document on Google Docs with you”.
Thousands of employees at multiple organizations that use Google for email have reported the dangerous email phishing scam today. Thousands of personal Gmail customers have also reported the same scam. Google has already stated awareness of the issue and is currently launching an investigation on it.
Here's how the scam develops to a widespread internet malady. First, an invitation to edit Google Docs is sent to the email. According to The Guardian, once the user clicks the “Open in Docs” button in the email, a legitimate Google sign-in screen appears. It then asks them to “continue in Google Docs”, which if the user clicks will grant permission to a bogus third-party app that could possibly access contacts and email, spreading the spam to additional contacts.
In order to protect yourself from this deceptive and rapid-spreading scam, the company encourages users to delete any email about a shared Google Doc. However, if you already clicked on the link, it's wise to set up a two-factor authentication using a cell phone number. According to BGR, removing permissions for the fake “Google Docs” app from your Google account is also a great way to go.
With regards to action against the sophisticated phishing scam, Google spokesperson has said in a statement that they have taken action to protect users against the criminal activity. Additionally, the firm has disabled offending accounts, deleted the fake pages, and have also pushed updates through Safe Browsing. The company's abuse team is also already in place to prevent this sophisticated phishing scam from happening again.