If you receive an email with an unexpected invitation to open and view a Google Doc, don’t do it. In what appears to be a large-scale phishing attack, people are reporting that they’re receiving these invitations from people they know, although they often include “firstname.lastname@example.org” in the address.
Phishing (or malware) Google Doc links that appear to come from people you may know are going around. DELETE THE EMAIL. DON'T CLICK. pic.twitter.com/fSZcS7ljhu — Zeynep Tufekci (@zeynep), May 3, 2017
If you click on “Open in Docs,” it will spam everyone in your Google contacts, and it may also try to steal your information.
While lots of people are reporting that they have received these invitations, journalism organizations and colleges seem to be particularly hard hit.
If you already clicked on the email—as some people on Twitter are sheepishly admitting—you should immediately check what applications you have granted access to your Google account. If you see the Google Docs application listed, remove it, as this tweet describes:
Phishing attacks from Google Docs seem to reappear every once in a while, so it’s good to remember to keep an eye out for attacks like this in the future. As a basic rule of thumb, never download an attachment or click on a link that you aren’t expecting.
Update, May 3, 2017, 5:20 p.m.: Google responded to our request for comment with an official statement: "We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail."
Update, May 4, 2017, 11:06 a.m.: Google contacted us with another statement:
"We realize people are concerned about their Google accounts, and we’re now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1% of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup."
Gmail has more than 1 billion monthly users, so the 0.1 percent Google cites could still mean roughly 1 million accounts were attacked.