Today, a large Google Docs phishing scam has been shut down. Here is Everything you need to know to stay safe.
(1 of 3) Official Google Statement on Phishing Email: We have taken action to protect users against an email impersonating Google Docs…
— Google Docs (@googledocs) May 3, 2017
Phishing is not anything new
Google users have been the target of these scams often. Back In 2014, scammers targeted Docs and GDrive users. This latest scam seems to have targeted journalists according to online reports.
This scam is slightly different because it focuses on tricking the user into allowing access to their account instead of stealing their username and password.
The hacker created an app called “Google Docs” and made to look like the real thing; unsuspecting Google users would then grant drive access permission straight to the hacker.
Giving account permission to a Gmail account is the same as giving access to a username and password, it means that users could have been phished without even realizing they were giving up their account information.
The scam then sent an email to all the victim’s contacts with a link that appeared to be a Google Doc from someone they know. It then directed them to Google’s account selection screen, and the phishing scam continued to the next unsuspecting user.
The Good news is Google have now disabled the fake “Google Docs” application rendering it useless
Here’s how it worked if you proceeded after clicking the link.
— Zach Latta (@zachlatta) May 3, 2017
Here’s what you need to do if you have already received the email and clicked on the”Open in Docs” button.
- Visit https://myaccount.google.com/permissions and look for “Google Docs” if it’s listed as one of the apps then the hacker has access to your Google account. Delete it immediately.
- Change your username and password.