Did you receive an unsolicited Google Doc from someone?
First, do not click on that Google Doc link embedded in the email you have received and delete the message, even if it’s from someone you know.
A Google Docs phishing scheme is quickly spreading across the Internet targeting a large number of users and employees at multiple media outlets and organizations that Gmail.
Some of the websites associated with this campaign appear to have been shut down.
A large number of users are receiving a very insidious OAuth phishing email, which informs the recipient that sender “has shared a document on Google Docs” with the,
Once the recipient clicked the link, he will be redirected to a page which says, “Google Docs would like to read, send and delete emails, as well access to your contacts,” asking the victim’s permission to “allow” access.
If the user will allow the access, the attackers would get access to the recipient’s Gmail account without providing any Gmail password.
At this point, the attackers have the key of your kingdom and anything linked to the compromised Gmail Accounts is at risk.
Google also already started blocking any malicious apps leveraging this subtle trick.
We are investigating a phishing email that appears as Google Docs. We encourage you to not click through & report as phishing within Gmail.
— Google Docs (@googledocs) May 3, 2017
“We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts,” said a Google spokesperson in an email.
“We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”
“There’s a very clever phishing scam going around at the moment – originally thought to be targeting journalists given the sheer number of them mentioning it on their Twitter feeds, it’s also been slinging its way across unrelated mailboxes – from orgs to schools / campuses,” explained Christopher Boyd, malware intelligence analyst at Malwarebytes, today.
“This doesn’t mean it didn’t begin with a popped journo mailbox and spread its way out from there, or that someone didn’t intentionally send it to a number of journalists of course – but either way, this one has gone viral and not in a ‘look at the cute cat pic’ fashion.”
If you have already clicked on the phishing link and granted permissions you can remove them for the bogus “Google Docs” app directly from your Google account.
Below the procedure to remove permissions:
(Security Affairs – hacking, Google Docs phishing)