Journalists, educators and employees of major corporations appear to be the target of a widespread Google Doc phishing scam that attempts to hijack a user’s email account by tricking them into clicking on a fake Google Doc file.
Reports of the malware first started surfacing on Twitter, when users noted they received an email that appeared to be from a person they know attempting to share a Google Doc file. The Google Doc phishing attack spoofs official domain names and presents itself like a typical Google Doc email.
When a user clicks on the link to access the document, it will attempt to gain access to their account. The relatively sophisticated attack is actually from a third-party app not developed by Google but named Google Docs.
The app asks for access to the user’s account—including reading, sending, deleting and managing emails and full access to a user’s contacts. If granted access, the attack will then send similar emails to a user’s contacts in hopes of tricking them into making the same mistake.
Because the attack gains access to a user’s account through official means—though by misrepresenting itself—it can bypass typical security measures like two-factor authentication and login alerts.
Users are advised not to click on the link in the email in order to bypass the attack entirely. However, those who have clicked on the link can avoid being hit by the attack by not granting the fake Google Docs app permission to access their account.
Google has reportedly already put a stop to the attack, according to a Reddit post made by a user claiming to work at Google. For those who were hit, there is still a way to remove the app and prevent it from doing any damage or spreading itself further.
How To Remove Account Access From The Fake Google Docs
For those who clicked on the fake Google Docs link in the phishing emails, the app can be removed by going to the Google accounts page and viewing the permissions granted to apps on that account.
Locate the “Google Docs” app. It should show a recent Authorization Time, since it was likely granted permission to the account only recently.
Click on Google Docs and click the “Remove” button. This will revoke access and stop the app from using your account to continue spreading the attack.
While removing the fake Google Docs app, it’s also a good idea to go through the other apps that have been granted permission to access your account and make sure they are all services you trust and need. The attack is a friendly reminder that your information is more widely accessible than you may realize, and an attack on any of those individual apps may compromise you.
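The same permissions review can be scripted when many accounts need checking. The following Python code is an added example, not from the original article or from Google: it flags any grant where an unverified client uses a first-party product name or holds the mail and contacts access described above. The grant records, client IDs and allowlist are constructed assumptions.

```python
# Added example. Records, client IDs and the allowlist are constructed.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",                  # read, send, delete, manage mail
    "https://www.googleapis.com/auth/contacts",  # manage contacts
    "https://www.google.com/m8/feeds",           # legacy contacts scope
}
# Assumption: client IDs already verified as the genuine first-party apps.
TRUSTED_CLIENT_IDS = {"first-party-docs.example"}
# Product names a look-alike app might borrow.
PROTECTED_NAMES = {"google docs", "google drive", "gmail"}


def review_grant(grant):
    """Return the reasons a single grant deserves a manual look."""
    if grant["client_id"] in TRUSTED_CLIENT_IDS:
        return []
    reasons = []
    # Collapse case and whitespace so "Google  Docs " still matches.
    name = " ".join(grant["display_name"].lower().split())
    if name in PROTECTED_NAMES:
        reasons.append("first-party name on an unverified client")
    risky = sorted(HIGH_RISK_SCOPES & set(grant["scopes"]))
    if risky:
        reasons.append("high-risk scopes: " + ", ".join(risky))
    return reasons


def audit(grants):
    """Map client ID to reasons, for flagged grants only."""
    flagged = {}
    for grant in grants:
        reasons = review_grant(grant)
        if reasons:
            flagged[grant["client_id"]] = reasons
    return flagged


SAMPLE_GRANTS = [  # constructed records
    {"display_name": "Google Docs", "client_id": "first-party-docs.example",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"display_name": "Google  Docs ", "client_id": "unknown-app-1.example",
     "scopes": ["https://mail.google.com/", "https://www.google.com/m8/feeds"]},
    {"display_name": "Calendar Helper", "client_id": "unknown-app-2.example",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
]

if __name__ == "__main__":
    for client_id, reasons in audit(SAMPLE_GRANTS).items():
        print(client_id, reasons)
```

The display name alone proves nothing about who built an app, which is why the check keys on the client ID and treats the name only as a warning sign.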