"We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts," Google said in a statement to Fortune magazine. "We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail."
Google said it acted within one hour of the scam's appearance, but a lot of damage was done in that first hour. Security experts say the hackers were likely able to steal millions of email addresses stored in victims' contacts folders, apparently the objective of the scam.
We've seen this before
In some ways the scheme resembles one we warned you about back in January. In that campaign, hackers spoofed emails from someone the victim knew, making it more likely he or she would fall for it.
At the bottom of the email was an attachment -- or what appeared to be a Gmail attachment. But it wasn't the real thing. It was a graphic representation of what Google uses to indicate an attachment.
If the victim clicked on the "attachment," he or she was taken to a page that looked exactly like Google's Gmail log-in page. There, the victim was asked to enter credentials to log into the Gmail account again. If the victim complied, the scammer immediately seized the account information, logged in, and began sending the phishing email to everyone in the victim's contacts.
What it looks like
In this new version, an email hits your Gmail inbox with the subject line "(name) has shared a document on Google Docs with you."
The body of the message says "(name) has invited you to view the following document:"
Below that line is a blue box with the words "Open in Docs." That's the link that then takes you to a bogus site instead of opening a document.
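The tell in the lure described above is not the subject line or the wording, which copy a real share notification, but where the "Open in Docs" button actually points. The following is an added example, not code from the article or from Google, of the check a mail filter or analyst could apply: match the share-notification subject, pull every link out of the HTML body, and flag any "Open in Docs" link whose host is not a Google Docs host. The sample messages, the trusted host list and the function names are constructed for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts a genuine Google Docs sharing link lands on (assumption for this example).
TRUSTED_DOCS_HOSTS = {"docs.google.com", "drive.google.com"}

# Subject wording quoted in the article: "(name) has shared a document on Google Docs with you."
SHARE_SUBJECT = re.compile(r"has shared a document on Google Docs with you", re.IGNORECASE)


class LinkExtractor(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def suspicious_docs_links(subject, html_body):
    """Return hrefs of 'Open in Docs' buttons that do not lead to a Google Docs host.

    Only messages whose subject matches the share-notification wording are examined;
    an empty list means nothing was flagged.
    """
    if not SHARE_SUBJECT.search(subject):
        return []
    parser = LinkExtractor()
    parser.feed(html_body)
    flagged = []
    for text, href in parser.links:
        if "open in docs" not in text.lower():
            continue
        host = (urlparse(href).hostname or "").lower()
        if host not in TRUSTED_DOCS_HOSTS:
            flagged.append(href)
    return flagged


# Constructed sample messages (not real phishing artifacts).
SAMPLE_SUBJECT = "Alice has shared a document on Google Docs with you"
LURE_BODY = (
    "<p>Alice has invited you to view the following document:</p>"
    '<a href="https://docs-share.example.invalid/view" style="background:#4285f4">'
    "Open in Docs</a>"
)
GENUINE_BODY = (
    "<p>Alice has invited you to view the following document:</p>"
    '<a href="https://docs.google.com/document/d/EXAMPLE-ID/edit">Open in Docs</a>'
)

if __name__ == "__main__":
    print("lure:", suspicious_docs_links(SAMPLE_SUBJECT, LURE_BODY))
    print("genuine:", suspicious_docs_links(SAMPLE_SUBJECT, GENUINE_BODY))
```

The check deliberately ignores the sender and the body text, since both are copied faithfully in the lure; it compares the brand the button claims against the host it resolves to. A link that lands on a genuine Google sign-in or consent page for an unfamiliar third-party app would pass this host check, which is why the permission review Latta recommends below is the remediation step for anyone who already clicked.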
According to hacking expert Zach Latta, who has posted extensive warnings on Twitter, Google has revoked the app so there is nothing more for consumers to do. For those who have been victimized, Latta offers this advice:
- Go to myaccount.google.com/permissions
- Find the app "Google Docs"
- Revoke all permissions